Hacked Chrome Extensions Expose 2.6 Million Users to Data Leaks

Over 36 hacked Chrome extensions put 2.6 million users at risk of data leaks, exposing browsing data and credentials. Security researchers urge immediate removal of affected extensions to mitigate the threat.

    A significant security breach has exposed millions of Chrome users to potential data theft. Security researchers have uncovered a malicious campaign targeting Chrome browser extensions, compromising over 36 extensions and impacting more than 2.6 million users. This alarming discovery highlights the vulnerability of browser ecosystems and the need for heightened cybersecurity awareness.

    The Scale of the Chrome Extensions Hack

    The sheer scale of the breach is staggering. Over 2.6 million Chrome users are potentially at risk of having their sensitive data, including browsing history, passwords, financial details, and account credentials, exposed. This underscores the critical need for users to take immediate action to protect their information. The compromised extensions act as gateways for hackers to steal sensitive user data through various methods.

    Methods Employed by Hackers

    Hackers are employing sophisticated techniques to infiltrate these extensions. One prevalent method involves phishing campaigns targeting developers of legitimate extensions on platforms like the Chrome Web Store. Attackers deceive developers into granting permissions to malicious applications, which then insert harmful code into popular extensions. This code stealthily steals cookies, access tokens, and other valuable user data.

    Another concerning tactic involves developers unknowingly incorporating data-gathering code as part of monetization software development kits (SDKs). This covert data exfiltration makes it difficult to distinguish between intentional inclusion by the developer and a hacking campaign. This ambiguity further complicates the security landscape and necessitates a thorough review of all installed extensions.

    Identifying and Removing Hacked Chrome Extensions

    The browser extension security platform, Secure Annex, played a crucial role in uncovering this widespread attack. Their investigation revealed over twenty additional compromised extensions. A public Google Sheet has been created to list these malicious extensions, indicating their status (updated or removed). This collaborative effort is vital in ensuring that users can quickly identify and remove any potentially harmful extensions from their browsers.

    Here’s a list of some of the compromised extensions identified by Secure Annex:

    • AI Assistant – ChatGPT and Gemini for Chrome
    • Bard AI Chat Extension
    • GPT 4 Summary with OpenAI
    • Search Copilot AI Assistant for Chrome
    • TinaMInd AI Assistant
    • Wayin AI
    • VPNCity
    • Internxt VPN
    • Vindoz Flex Video Recorder
    • VidHelper Video Downloader
    • Bookmark Favicon Changer
    • Castorus
    • Uvoice
    • Reader Mode
    • Parrot Talks
    • Primus
    • Tackker – online keylogger tool
    • AI Shop Buddy
    • Sort by Oldest
    • Rewards Search Automator
    • ChatGPT Assistant – Smart Search
    • Keyboard History Recorder
    • Email Hunter
    • Visual Effects for Google Meet
    • Earny – Up to 20% Cash Back
    • Cyberhaven security extension V3
    • GraphQL Network Inspector
    • Vidnoz Flex – Video recorder & Video share
    • YesCaptcha assistant
    • Proxy SwitchyOmega (V3)
    • ChatGPT App
    • Web Mirror
    • Hi AI

    How to Remove Malicious Extensions from Google Chrome

    To remove a compromised extension from Google Chrome, follow these steps:

    1. Open Chrome and click the puzzle piece icon in the top-right corner.
    2. Locate the extension you want to remove.
    3. Click the three dots next to the extension.
    4. Select “Remove from Chrome.”
    5. Click “Remove” to confirm.

    It is crucial to remember that even after removal from the Chrome Web Store, these hacked Chrome extensions may still pose a risk. Hackers might retain access to your data. Therefore, prompt removal is paramount.

    Best Practices for Browser Extension Security

    To mitigate the risk of future attacks, users should adopt the following best practices:

    1. Verify Emails and Links: Be wary of phishing emails impersonating trusted entities like the Google Chrome Web Store. Always verify the sender’s email address and avoid clicking on links without double-checking their authenticity.
    2. Strong Antivirus Software: Employ robust antivirus software to detect and block malicious code, even if embedded in browser extensions.
    3. Limit Extension Permissions: Carefully review the permissions requested by each extension and deny excessive access to sensitive data.
    4. Limit the Number of Extensions: Install only necessary extensions and regularly review and uninstall unused ones.
    5. Keep Your Browser Updated: Regularly update your browser to benefit from critical security patches.
    6. Regularly Audit Extensions: Periodically review installed extensions and remove any unnecessary or suspicious ones.
    7. Report Suspicious Extensions: Report any suspicious extensions to the official browser extension marketplace.
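
One way to carry out the permission review and periodic audit from items 3 and 6 against an installed Chrome profile, as an added example that is not part of the original article or Secure Annex's tooling. It assumes Chrome's on-disk layout `Extensions/<id>/<version>/manifest.json`; `FLAGGED_NAMES` holds a few names copied from the list above, and the `BROAD` set is this example's own choice of grants worth a second look.

```python
import json
import sys
from pathlib import Path

# A few names copied from the list on this page; extend from the full list.
FLAGGED_NAMES = {"vpncity", "internxt vpn", "reader mode", "web mirror", "email hunter"}
# Example's own choice: grants that expose cookies or page content on every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*", "cookies", "webRequest"}

def resolve_name(ext_dir: Path, manifest: dict) -> str:
    """Return the display name, resolving a __MSG_key__ placeholder via _locales."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()
    path = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the placeholder if the locale file is missing or broken
    for k, v in messages.items():  # message keys are matched case-insensitively
        if k.lower() == key and isinstance(v, dict):
            return v.get("message", name)
    return name

def audit(extensions_root: Path) -> list:
    """Scan every installed extension version and report the ones worth reviewing."""
    findings = []
    for manifest_path in sorted(extensions_root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue
        name = resolve_name(manifest_path.parent, manifest)
        requested = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
        for cs in manifest.get("content_scripts", []):
            requested += cs.get("matches", [])
        broad = sorted({p for p in requested if isinstance(p, str) and p in BROAD})
        flagged = name.strip().lower() in FLAGGED_NAMES
        if flagged or broad:
            findings.append({"id": manifest_path.parts[-3], "name": name,
                             "name_on_list": flagged, "broad_permissions": broad})
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    for finding in audit(Path(sys.argv[1])):  # path to <profile>/Extensions
        print(json.dumps(finding))
```

A name match is only a lead, since unrelated extensions can share a name; confirm the extension against the public sheet the article mentions before acting on it.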

    The discovery of these hacked Chrome extensions serves as a stark reminder of the ever-evolving threat landscape. Maintaining vigilance, practicing safe browsing habits, and promptly removing suspicious extensions are critical steps in protecting your online security. The incident also raises concerns about the review processes of trusted platforms like the Chrome Web Store, highlighting the need for continuous improvement in security measures.
