Security researchers have uncovered 11 malicious Chrome extensions with over 1.7 million downloads, raising alarm over serious privacy risks. These extensions track browsing activity and may redirect users to unsafe websites, putting millions at risk of cyberattacks.

Fake Tools, Real Threats

The discovery was made by Koi Security, which found that these extensions posed as legitimate tools like VPNs, color pickers, volume boosters, and emoji keyboards. Many had high ratings and positive reviews, making them appear trustworthy to users.

However, the danger lies in stealthy updates. While initial versions were harmless, later updates introduced hidden malicious code. Google’s auto-update system deployed these versions silently, allowing the threat to spread without user knowledge.

How the Tracking Works

The extensions used Chrome’s service worker API to trigger a listener every time a user visited a new webpage. This listener captured the URL and sent it to a remote server, however along with a unique ID assigned to the user. This data could be used for surveillance or redirect users to phishing or malware-laden sites.

Read: Intel May Refresh Arrow Lake CPUs With Boosted AI Performance

Although no redirection has been observed yet, the potential for abuse is significant.

Suspicious Extensions to Uninstall

Koi Security urges users to immediately remove the following extensions:

  • Color Picker, Eyedropper — Geco colorpick

  • Emoji Keyboard Online — Copy & Paste your emoji

  • Free Weather Forecast

  • Video Speed Controller — Video manager

  • Unlock Discord — VPN Proxy

  • Dark Theme — Dark Reader

  • Volume Max — Ultimate Sound Booster

  • Unblock TikTok

  • Unlock YouTube VPN

  • Weather

However Some of these remain available on the Chrome Web Store and Microsoft Edge Store, collectively affecting over 2.3 million users.

What Users Should Do

Users are advised to uninstall the listed extensions, clear browser data to remove trackers, scan for malware, and monitor for unusual account activity. In conclusion Koi Security warns that browser-based threats like these highlight the need for cautious extension use and verification through official channels.

Follow us on InstagramYouTubeFacebook,, X and TikTok for latest updates

Leave a comment

Your email address will not be published. Required fields are marked *

Exit mobile version