Jamie Spencer
How Malicious Extensions Exploit Your Browser
Your web browser is a digital hub that holds sensitive information like passwords, search history, credit card details, and addresses. Unfortunately, malicious extensions can expose this data, turning your browser into a potential security liability.
Recent findings have revealed a dangerous campaign compromising 36 Chrome extensions, putting over 2.6 million users at risk. Hackers exploit extensions as a gateway to steal sensitive user data, including browsing history and account credentials.
The Methods Behind the Attack
Security experts from Cyberhaven uncovered that attackers are targeting legitimate extension developers through phishing campaigns, tricking them into granting permissions to malicious applications. These applications then inject harmful code into popular extensions, allowing them to:
- Steal cookies and access tokens
- Exfiltrate browsing data
- Monitor user activity
- Bypass security measures, including two-factor authentication
Sometimes, developers unknowingly include data-gathering code in extensions as part of monetization efforts, making it harder to distinguish between deliberate data collection and hacking.
High-Risk Extensions Identified
Secure Annex, a browser extension security platform, has launched an investigation into this hacking campaign. They have identified several compromised extensions that should be removed immediately to safeguard your data.
Compromised Extensions:
- AI Assistant – ChatGPT and Gemini for Chrome
- Bard AI Chat Extension
- GPT 4 Summary with OpenAI
- Search Copilot AI Assistant for Chrome
- TinaMind AI Assistant
- VPNCity
- Internxt VPN
- VidHelper Video Downloader
- Reader Mode
- Parrot Talks
- Proxy SwitchyOmega (V3)
- ChatGPT App
- Web Mirror
View the full list of compromised extensions on Secure Annex’s public Google Sheet.
How to Protect Your Data
If you have any of these extensions installed, it’s crucial to remove them immediately. Even if the malicious versions have been taken down from the Chrome Web Store, hackers can still access your data through residual vulnerabilities.
Here are additional steps to enhance browser security:
- Regularly audit installed extensions.
- Download extensions only from trusted developers.
- Use security tools, like browser extension security platforms, to identify risks.
- Update your browser and extensions regularly to patch vulnerabilities.
The Ongoing Investigation
Secure Annex continues to investigate the scope of this campaign and is updating its list of malicious extensions as new threats emerge. The company is actively collaborating with security researchers to mitigate risks and ensure user safety.
