A recent discovery has revealed that 57 Chrome extensions, collectively installed by 6 million users, possess potentially dangerous capabilities. These extensions can monitor browsing behavior, access cookies from various domains, and execute remote scripts, posing significant privacy and security threats.

Uncovering the Hidden Extensions

The extensions in question are not visible in Chrome Web Store searches and are not indexed by search engines. They can only be installed via direct URLs, making them elusive to the average user. While some of these extensions are legitimate internal tools or in-development software, malicious actors may exploit them to bypass detection and distribute them through ads and harmful websites.

Research Findings

John Tuckner, a researcher from Secure Annex, identified the first 35 extensions while investigating a suspicious extension named 'Fire Shield Extension Protection.' This extension was heavily obfuscated and communicated with an API to send collected browser data.

  • Tracking Mechanism: The extension used a domain called "unknow.com" to connect with other extensions claiming to offer ad-blocking or privacy protection.
  • Excessive Permissions: These extensions could access cookies, monitor browsing behavior, modify search results, and execute scripts remotely.

Potential Spyware Capabilities

Although Tuckner did not find evidence of password or cookie theft, the risky permissions and obfuscated code suggest spyware potential. The extensions could list top sites visited, open or close tabs, and execute various actions remotely, raising significant concerns.

Additional Extensions Discovered

Following the initial findings, 22 more extensions were identified, bringing the total to 57. Some of these extensions are publicly available, while others remain unlisted. Despite some being removed from the Chrome Web Store, several are still accessible.

  • Popular Extensions: Notable extensions include 'Cuponomia – Coupon and Cashback' with 700,000 users and 'Fire Shield Extension Protection' with 300,000 users.
  • Security Recommendations: Users are advised to uninstall these extensions and reset passwords on online accounts as a precaution.
The link has been copied!