Researchers from Stanford University and the Helmholtz Center for Information Security (CISPA) uncovered a widespread issue in Chrome extensions: hundreds of millions of users installed add-ons that could be compromised or deliver harmful code over a multi-year span. TechSpot reports that fewer than 1% of all extensions in the Chrome Web Store are flagged as containing malware, underscoring how small a portion of the catalog can pose real risk, even as the vast majority remain seemingly trustworthy.
According to the CISPA study covering July 2020 through February 2023, about 346 million users installed extensions labeled as SNE that carried potential threats, malware, policy violations, or vulnerable code. The researchers note that a substantial subset, around 63 million extensions, did not pose a threat. The data highlights how label categorization alone may not reliably separate safe from dangerous software in this ecosystem.
Dangerous or questionable extensions can linger in the store for long periods. One notable example, TeleApp, remained available for eight and a half years before its removal in June 2022. Across the Chrome Web Store, the catalog exceeds 250 thousand extensions, illustrating the scale of the challenge faced by users and platform monitors alike.
Another troubling finding from the study is that user ratings often fail to reveal malicious intent. Users rarely assign low ratings to SNE extensions, making detection through feedback unreliable. In many cases, positive reviews may be generated by automation, and nearly half of SNE extensions lack any user comments altogether, leaving consumers with little guidance from the crowd.
Google responds by stating that its security team provides personalized summaries of installed extensions, conducts verification before publishing, and maintains ongoing monitoring. Yet researchers argue that the level of oversight has not always prevented dangerous extensions from remaining in the store after vulnerabilities were discovered, suggesting room for improvement in continuous protection and auditing practices.
Earlier reports also highlighted other security concerns in the broader tech ecosystem, including discoveries of hidden experiments conducted within residential settings. These disclosures have contributed to ongoing discussions about how platforms audit and secure software across different environments, as well as how users can better protect their devices and data from risky extensions.