If you’re using Google Chrome, you’ve got a reason to be cautious. Recent research uncovered 108 Chrome extensions that secretly steal user information, including login credentials and browsing activity. These extensions, found in the Chrome Web Store, come from five different developers but are controlled by a single operator. Together, they have about 20,000 installations, which seems small compared to Chrome’s 3.62 billion users, but it still raises alarms.
What Types of Extensions Are Involved?
These extensions fall into various categories, such as:
- Telegram clients
- Slot machine and Keno games
- YouTube and TikTok tools
- Page utility add-ons
While they look useful, they run malicious background programs. For example, a Telegram client may seem to offer a standard chat interface, but it actually steals messages and contacts every 15 seconds. Additionally, some extensions can access your Google account identity when logging in, exposing your email, name, and profile picture—even though they don’t get full access to your account.
The Risks of These Extensions
According to the report, some extensions can:
- Open any URL in your browser without permission.
- Inject harmful code into web pages.
- Circumvent security measures on sites like YouTube to display unwanted ads.
This highlights a significant issue: even popular extensions can pose hidden threats.
Protect Yourself
Here are some steps you can take to safeguard your online activity:
Review Your Extensions: Check if you have any of the identified extensions installed. Some known ones include “Telegram Multi-account” and “Black Beard Slot Machine.” You can view the complete list in the Socket report.
Logout from Suspicious Sessions: If you used any questionable extensions, log out of all active sessions in apps like Telegram. Go to Settings > Devices > Terminate all other sessions.
Check Google Permissions: If you logged in using your Google account, immediately check your third-party app permissions to see if there’s anything suspicious.
Exercise Caution: Be careful when installing new extensions in the future. Review listings carefully. Look for user reviews and avoid extensions that request sensitive information without clear purpose.
Expert Insight
Cybersecurity experts stress the importance of being vigilant. “A seemingly harmless extension can have far-reaching effects,” says Dr. Sara Lightman, a cybersecurity analyst at TechSecure. “It’s crucial to stay informed and cautious.”
User Reactions
On social media, users have expressed frustration over these discoveries. Many report feeling betrayed by apps they trusted. Some suggest Chrome should implement stricter vetting processes for extensions.
Why You Should Care
Given the prevalence of data breaches, understanding how to protect your information is essential. While the internet offers countless tools for convenience, it also hides risks that can compromise your privacy.
Staying informed and cautious can help you enjoy your online experience safely. Cybersecurity should be a personal priority, and being proactive can make all the difference.
