Malicious Chrome Extensions Affect 1.7 Million Users in Major Browser Security Breach
Malicious Chrome extensions have compromised the privacy and safety of over 1.7 million users, according to a new investigation by cybersecurity firm Koi Security. The investigation found that these extensions, which were available in the Chrome Web Store, secretly tracked users' browsing and might have sent them to dangerous websites.
Bleeping Computer was the first to report the incident, after Koi Security researchers raised the alarm. The extensions posed as useful tools such as VPNs, emoji keyboards, color pickers, and video controllers, and had thousands of good reviews, which made them look safe to regular users. In reality, many of them received malicious updates that silently enabled harmful behavior in the background.
Trusted Extensions Turned Dangerous Over Time
Initially, these extensions operated normally. However, Koi Security discovered that subsequent updates pushed through Google’s auto-update system introduced new malicious code. This code utilized Chrome’s background service worker and Extensions API to monitor user activity. As users browsed the internet, the extensions silently collected URLs and sent them to a remote server along with a unique tracking ID.
This setup made dangerous redirects to phishing or malware-infected websites possible. Koi Security hasn’t confirmed any active attacks yet, but the extensions had all the tools they needed to carry them out.

List of Malicious Chrome Extensions You Should Remove Now
Koi Security has advised users to immediately uninstall the following extensions if they are installed:
- Color Picker, Eyedropper — Geco colorpick
- Emoji Keyboard Online — Copy & paste your emoji
- Free Weather Forecast
- Video Speed Controller — Video manager
- Unlock Discord — VPN Proxy
- Dark Theme — Dark Reader for Chrome
- Volume Max — Ultimate Sound Booster
- Unblock TikTok
- Unlock YouTube VPN
- Weather
- Unlock TikTok — Seamless Proxy Access
Notably, “Volume Max — Ultimate Sound Booster” had been previously flagged for suspicious behavior, though no proof of malicious activity was found until now.
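To check a machine against the list above, the following Python sketch (an added example, not code from Koi Security or the original report) walks a Chrome profile's Extensions folder and reports installed extensions whose display name matches a listed name, resolving localized `__MSG_...__` names along the way. The function names and the name-normalization rule are assumptions of this example; the article gives no extension IDs, so a name match, especially for a generic name such as "Weather", is a lead to verify in the browser rather than proof.

```python
import json
import re
from pathlib import Path

# Names from the list above, ";"-separated. The article gives no extension
# IDs, so matching is by display name: a hit is a lead to verify, not proof.
FLAGGED = (
    "Color Picker, Eyedropper — Geco colorpick;Emoji Keyboard Online — Copy & paste your emoji;"
    "Free Weather Forecast;Video Speed Controller — Video manager;Unlock Discord — VPN Proxy;"
    "Dark Theme — Dark Reader for Chrome;Volume Max — Ultimate Sound Booster;Unblock TikTok;"
    "Unlock YouTube VPN;Weather;Unlock TikTok — Seamless Proxy Access"
).split(";")

def norm(name):
    """Lowercase and collapse punctuation so dash or spacing variants still match."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()

FLAGGED_NORM = {norm(n) for n in FLAGGED}

def display_name(version_dir, manifest):
    """Resolve the manifest name, following __MSG_key__ into _locales/<default_locale>."""
    name = manifest.get("name", "")
    placeholder = re.fullmatch(r"__MSG_(.+)__", name)
    if not placeholder:
        return name
    path = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # unresolved placeholder: report it as-is
    for key, entry in messages.items():  # message keys are case-insensitive
        if key.lower() == placeholder.group(1).lower():
            return entry.get("message", name)
    return name

def audit(extensions_dir):
    """Return sorted (extension_id, version, name) for installed extensions on the list."""
    # Layout is <extensions_dir>/<id>/<version>/manifest.json; on Linux the
    # folder is typically ~/.config/google-chrome/Default/Extensions.
    hits = []
    for manifest_path in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip, do not abort the audit
        name = display_name(manifest_path.parent, manifest)
        if norm(name) in FLAGGED_NORM:
            hits.append((manifest_path.parts[-3], manifest_path.parts[-2], name))
    return sorted(hits)
```

Run `audit()` once per browser profile folder, and confirm each hit on the browser's extensions page before removing it.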
Impact Spreads Beyond Chrome
Some of these malicious extensions were also available in the Microsoft Edge Add-ons Store, where at least 600,000 people downloaded them. These threats could have affected more than 2.3 million people, making this one of the biggest security breaches in a web browser in the past few years.

What Users Should Do Next
Koi Security strongly urges users to take the following steps:
- Uninstall the listed extensions immediately
- Clear browser data and cookies
- Run a malware scan on their device
- Monitor all online accounts for unusual activity
Google has started removing some of these extensions, but many are still live. Users are encouraged to act swiftly to protect their privacy and data.