Google has removed several harmful Chrome extensions from its official store, marking a notable action in browser security. The discovery came to light through researchers tracking the Chrome ecosystem, highlighting how risky add-ons can slip into trusted sources and affect many users across North America.
The security firm McAfee first identified these dangerous extensions, which had already been downloaded by more than a million users. In addition to collecting data stealthily, the extensions could monitor user activity across sites and relay this information back to an attacker. Such behavior underscores the ongoing challenge of maintaining a safe extension marketplace in a rapidly evolving digital landscape.
According to the findings, the extensions offered features that appeared legitimate, including streaming content to multiple users concurrently, capturing screenshots, and automatically locating discounts to help with online purchases. These claims helped the extensions blend in with normal browsing tools while concealing their true purpose.
Investigators observed that the extensions transmitted site URLs along with a unique browser identifier and geolocation data to a remote server controlled by the attacker. To avoid immediate detection, the developers programmed the extensions to remain functional for the initial two weeks after installation while gradually ramping up their covert activities.
The report also notes a broader issue: policy updates and interface changes in the Chrome ecosystem can impact how legitimate extensions work, sometimes causing legitimate tools such as ad blockers to break or require updates. This situation calls for vigilance from both users and developers to ensure continued security and reliability in browser extensions.