16 hijacked browser extensions expose 3.2 million users

Cybercriminals are perpetually uncovering caller ways to exploit trusted apps and browser extensions. 

Since radical thin to spot tools that look legitimate, attackers usage them to dispersed malware oregon bargain delicate data. A caller study reveals that implicit 3.2 cardinal users person been affected by a security breach involving malicious browser extensions. 

These extensions, which appeared genuine, were secretly embedding harmful scripts, stealing information and manipulating hunt results. 

STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS — SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW

A antheral utilizing a Chrome browser. (Kurt "CyberGuy" Knutsson)

How were the extensions compromised?

GitLab Security has uncovered a large information breach affecting implicit 3.2 cardinal users done a web of compromised browser extensions, including immoderate linked to GitLab. The onslaught stemmed from a proviso concatenation breach, wherever menace actors infiltrated morganatic extensions and pushed malicious updates. These updates embedded hidden scripts that allowed unauthorized information collection, altered HTTP requests and injected ads into web pages — each without users noticing.

Originally built for tasks similar advertisement blocking, emoji input and surface recording, these extensions were repurposed done covert updates that exploited the extended permissions users had granted, enabling real-time manipulation of web activity.

Typically, malicious extensions oregon apps are created solely to bargain data, with their advertised functionality being an afterthought oregon simply a mode to get listed successful an authoritative store. That was not the lawsuit here. These were morganatic extensions that became harmful lone aft attackers injected malicious updates into them.

An illustration of a hacker astatine work. (Kurt "CyberGuy" Knutsson)

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

Which extensions are affected?

Several of the compromised extensions are commonly utilized and whitethorn beryllium contiguous successful your browser. For instance, advertisement blockers specified arsenic AdBlock are valued for eliminating disruptive advertisements and enhancing browsing privacy. However, successful this breach, these tools were manipulated to present malicious payloads. The pursuing extensions person been identified arsenic affected:

1. AdBlock Plus
2. Emoji Keyboard
3. Screen Capture Pro
4. Dark Mode Toggle
5. Grammar Checker
6. PDF Converter
7. Weather Forecast
8. Coupon Finder
9. Video Downloader
10. Password Manager
11. Translate Tool
12. Privacy Shield
13. Speed Test
14. News Reader
15. Shopping Assistant
16. VPN Extension

If immoderate of these extensions are installed connected your browser, it is recommended that you measure their permissions and see their removal until authoritative information updates are verified.

The malicious extensions bypassed Content Security Policy protections, which are designed to forestall cross-site scripting attacks, allowing attackers to modify web contented without detection. They besides communicated with command-and-control servers to person further instructions, showing a precocious level of coordination. The attackers exploited the spot users spot successful the Chrome Web Store and its automatic update system. Investigations suggest this enactment has been ongoing since astatine slightest July 2024.

Google Chrome connected a smartphone. (Kurt "CyberGuy" Knutsson)

FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU

How to region an hold from Google Chrome

If you person installed 1 of the above-mentioned extensions connected your browser, region it arsenic soon arsenic possible. To region an hold from Google Chrome, travel these steps:

• Open Chrome and click the icon that looks similar a portion of a puzzle. You’ll find it successful the top-right country of the browser.
• You tin spot each the progressive extensions now. Click the three dots icon adjacent to the hold you privation to region and select Remove from Chrome.
• Click Remove to confirm.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Steps to region an hold from Google Chrome. (Kurt "CyberGuy" Knutsson)

6 ways you tin support your idiosyncratic data

Here are 6 ways to safeguard your delicate accusation and support your online privacy:

1. Keep your browser and extensions up-to-date: Outdated bundle is simply a goldmine for cybercriminals. Bugs oregon information gaps successful aged versions of your browser oregon extensions tin beryllium exploited to inject malicious code, bargain information oregon instrumentality power of your system. Updates spot these vulnerabilities, making them a captious enactment of defense. Turn connected automatic updates for your browser (e.g., Chrome, Firefox, Edge) truthful you’re ever moving the latest mentation without reasoning astir it. See my usher on keeping your devices and apps updated for much information.

2. Install extensions lone from trusted sources: Official browser stores similar the Chrome Web Store oregon Firefox Add-ons person rules and scans to drawback atrocious actors, but they’re not perfect. Extensions from random websites oregon third-party downloads are acold much apt to fell malware oregon spyware. Stick to the authoritative store for your browser — don’t download extensions from sketchy links. 

3. Have beardown antivirus software: The champion mode to safeguard yourself from malicious links that instal malware, perchance accessing your backstage information, is to person antivirus bundle installed connected each your devices. This extortion tin besides alert you to phishing emails and ransomware scams, keeping your idiosyncratic accusation and integer assets safe. Get my picks for the champion 2025 antivirus extortion winners for your Windows, Mac, Android and iOS devices.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. Be skeptical of extensions requesting unnecessary access: Some extensions overreach connected purpose. A calculator instrumentality asking for your browsing past oregon a upwind app wanting your login information is simply a immense reddish flag.

Before installing, ask: "Does this support lucifer the extension’s job?" If the answer’s no, don’t instal it. Watch retired for wide permissions similar "Read and alteration each your information connected websites you visit" unless it’s intelligibly justified (e.g., a password manager). If an update abruptly adds caller support requests, excavation into why. It mightiness mean the hold has been sold oregon hacked.

5. Update your passwords: Change passwords for immoderate accounts that whitethorn person been affected by the incident, and usage unique, beardown passwords for each account. Consider utilizing a password manager. This tin assistance you make and store strong, unsocial passwords for each your accounts. Get much details astir my best expert-reviewed Password Managers of 2025 here.

6. Remove your idiosyncratic information from nationalist databases: If your idiosyncratic information was exposed successful this information incident, it’s important to enactment rapidly to trim your hazard of individuality theft and scams. While nary work tin warrant the implicit removal of your information from the internet, a information removal work is truly a astute choice. They aren’t inexpensive — and neither is your privacy. These services bash each the enactment for you by actively monitoring and systematically erasing your idiosyncratic accusation from hundreds of websites. It’s what gives maine bid of caput and has proven to beryllium the astir effectual mode to erase your idiosyncratic information from the internet. By limiting the accusation available, you trim the hazard of scammers cross-referencing information from breaches with accusation they mightiness find connected the acheronian web, making it harder for them to people you. Check retired my apical picks for information removal services here.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Kurt’s cardinal takeaways

Browser extensions tin amended functionality but besides airs important information risks if not cautiously managed. If you person immoderate of the supra extensions installed successful Chrome, you should region them immediately. Treat your browser arsenic a cardinal portion of your integer security. Regularly cheque your extensions, region unnecessary permissions and beryllium cautious astir automatic updates, adjacent from trusted sources.

Should browsers instrumentality stricter restrictions connected what extensions tin bash by default? Let america cognize by penning america at Cyberguy.com/Contact

CLICK HERE TO GET THE FOX NEWS APP

For much of my tech tips and information alerts, subscribe to my escaped CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question oregon fto america cognize what stories you'd similar america to cover.

Follow Kurt connected his societal channels:

• Facebook
• YouTube
• Instagram

Answers to the most-asked CyberGuy questions:

• What is the champion mode to support your Mac, Windows, iPhone and Android devices from getting hacked?
• What is the champion mode to enactment private, unafraid and anonymous portion browsing the web?
• How tin I get escaped of robocalls with apps and information removal services?
• How bash I region my backstage information from the internet?

New from Kurt:

• Try CyberGuy's caller games (crosswords, connection searches, trivia and more!)
• CyberGuy’s Exclusive Coupons and Deals

Copyright 2025 CyberGuy.com. All rights reserved.