Just because an extension has been downloaded thousands of times and looks harmless, doesn’t mean it’s legit. These 35 extensions on the Chrome Web Store are spying on you right under Google’s nose—and you need to remove them now.
Delete These 35 Chrome Browser Extensions Now
Security researcher John Tuckner found a cluster of at least 35 extensions using the same code patterns that connect to some of the same servers and require the same list of sensitive system permissions. The extensions have over 4 million installs collectively, and ten even have the “Featured” designation on the Chrome Web Store—a badge reserved for verified developers that you can trust.
Surprisingly, all extensions except one are unlisted in the Chrome Web Store, meaning they don’t appear in the Web Store or search results. It’s unclear how they were able to gather such a large number of installs.
The full list of extensions is as follows:
In aSecure Annexblog post, Tuckner clarifies that the extensions claim to have some purposes, like ad blocking, providing better search results, privacy protection, and ironically, extension protection. While this likely keeps the extensions available on the Chrome Web Store, the underlying code to power their claimed purpose is often minimal or missing entirely.
All 35 extensions have their code obfuscated, which is not a good sign from a security perspective, as it conceals the extension’s behavior and slows down analysis. The extensions also have the domain unknow.com configured in their background services. The domain has no relevance in the underlying code, but it’s useful for linking them.
They also request permissions that are beyond the scope of what a particular extension aims to do, including:
As you can probably guess, these permissions can give an extension a lot of access to your browser and private data, potentially resulting in a rather damaging breach. Most extensions don’t require such high-level permissions, meaning that even if they’re not using their extended access for something malicious, they still present unnecessary risk.
This is far from the first security incident with Chrome extensions. Millions of users have been affected bymalicious Chrome extensionsin the past. While Google does take Chrome’s security seriously, it’s worthchecking the safety of Chrome extensionsbefore you click that install button.
