Cybercriminals are constantly finding new ways to take advantage of trustworthy apps and browser extensions.
People tend to trust tools that look legal, so attackers use them to spread malware and steal sensitive data. A new report reveals that over 3.2 million users are affected by security breaches, including malicious browser extensions.
These extensions, which seemed real, secretly embed harmful scripts, steal data, and manipulated search results.
Be protected and informed! Get security alerts and expert technical tips – Sign up for The CyberGuy Report in Cart now
A man using a Chrome browser. (Kurt “Cyberguy” Knutsson)
How was the extension compromised?
GitLab Security has revealed major security breaches affecting more than 3.2 million users through a network of compromised browser extensions, including some linked to GitLab. The attacks stem from supply chain violations in which threat actors infiltrated legal expansions and promoted malicious updates. These updates included hidden scripts that allow for unauthorized data collection, changes to HTTP requests, and insert ads into web pages.
Originally built for tasks like ad blocking, emoji input, screen recording, and more, these extensions were reused through hidden updates that utilize the extensive user-authorized permissions, allowing real-time manipulation of web activity.
Usually, malicious extensions or apps are created solely to steal data, and the functionality advertised is a way in which they are listed in the official store or simply by postscripts. That wasn’t the case here. These were legitimate extensions that became harmful only after an attacker injected malicious updates into them.
Illustration of a hacker at work. (Kurt “Cyberguy” Knutsson)
Hidden Costs of Free Apps: Your Personal Information
Which extensions are affected?
Some of the compromised extensions are commonly used and may reside in your browser. For example, ad blockers such as Adblock are valued for eliminating destructive ads and for enhancing browsing privacy. However, in this violation, these tools were manipulated to provide malicious payloads. The following extensions have been identified as being affected:
Adblock Plusemoji Keyboard Screen Capture Pro Dark Mode Toggle Gramma Checker Checker converterweather forecastcoupon findervideo downloadorpassword manager translation tool Privacy Shield Speed ​​Test News Readershopping AssistantVpn Extension
If any of these extensions are installed in your browser, we recommend that you evaluate permissions and consider removing them until the official security update has been verified.
The malicious extension is designed to bypass content security policy protection, designed to prevent cross-site scripting attacks, allowing attackers to modify web content without detection. It also communicated with the command and control server to receive further instructions and demonstrated a high level of adjustment. The attacker used the Chrome Web Store and its automatic update system, TrustUsers Place. Research suggests that this activity has been ongoing since at least July 2024.
Google Chrome on your smartphone. (Kurt “Cyberguy” Knutsson)
From Tiktok to Trouble: How to weaponize your online data against you
How to remove extensions from Google Chrome
If you have installed one of the above extensions in your browser, remove them as soon as possible. To remove extensions from Google Chrome, follow these steps:
Open chrome and click on the icon that looks like a puzzle. It will appear in the top right corner of the browser. You can see all active extensions. Click the three dot icon next to the extension you want to delete and select Delete from Chrome. Click Delete to confirm.
What is Artificial Intelligence (AI)?
Steps to remove extensions from Google Chrome. (Kurt “Cyberguy” Knutsson)
Six ways to protect your personal data
Below are six ways to protect sensitive information and maintain online privacy.
1. Keep your browser and extensions up to date. The outdated software is cybercriminal Goldmine. You can exploit bugs or security gaps in older versions of your browser or extension to inject malicious code, steal data, and control the system. The update patches these vulnerabilities and makes them an important line of defense. I turn on automatic browser updates (e.g. Chrome, Firefox, Edge, etc.) so I’m always running without thinking about the latest version. For more information, see the Keep Your Device and Apps Updated Guide.
2. Install extensions only from trusted sources: Official browser stores such as the Chrome Web Store and Firefox Add-ons have rules and scans to catch bad actors, but they are not perfect. Extensions from random websites or third-party downloads are much more likely to hide malware and spyware. Stick to the official store for your browser. Do not download extensions from the sketchy links.
3. Have powerful antivirus software: The best way to protect yourself from malicious links to install malware is to install antivirus software on all devices as it may access your personal information. This protection can also warn you that it will phish email and ransomware scams and keep your personal information and digital assets safe. Get the best 2025 Antivirus Protection Winners picks for Windows, Mac, Android and iOS devices.
Click here to get your Fox business on the go
4. Be skeptical of extensions that require unnecessary access: Some extensions go too far on purpose. A weather app that requires a calculator or login data to find a browsing history is a big red flag.
Before installing, you will ask “Does this permission match the extension’s job?” If the answer is good, don’t install it. Unless explicitly justified (for example, a password manager), be aware of extensive permissions such as “read and modify all data on the website you access.” If the update suddenly adds a new permission request, dig into why. This may mean that the extension has been sold or hacked.
5. Update Password: Change the password of accounts that may have been affected by the incident and use a unique, strong password for each account. Consider using a password manager. This will help you generate and store strong and unique passwords for all your accounts. For more information about my best expert reviewed password managers of 2025, click here.
6. Delete Personal Data from Public Database: If personal data is published in this security incident, it is important to act promptly to reduce the risk of identity theft and fraud. Although there is no service that guarantees the complete deletion of data from the Internet, data deletion services are truly a wise choice. They aren’t cheap – and your privacy isn’t either. These services do all of their work by proactively monitoring and systematically erasing personal information from hundreds of websites. It has given me peace of mind and has proven to be the most effective way to erase personal data from the internet. By limiting the available information, you reduce the risk that scammers cross-referencing your data from violations, providing information they may find on the dark web, making it difficult for them to target you. Please see the top picks for data deletion services.
Massive security flaws put the most popular browsers at risk with MAC
Important takeouts for your cart
Browser extensions can improve functionality, but if not managed carefully, they pose serious security risks. If the above extensions are installed in Chrome, you should remove them immediately. Treat your browser as an important part of digital security. Check your extension regularly, remove unnecessary permissions, and be careful about automatic updates, even from trusted sources.
Should browsers implement stricter restrictions on what extensions can do by default? Please let us know at cyberguy.com/contact
Click here to get the Fox News app
For more information about my tech tips and security alerts, head to cyberguy.com/newsletter and subscribe to our free Cyberguy Report Newsletter
Please ask your cart or tell us what stories you would like us to cover.
Follow your cart on his social channels:
Answers to the most accused Cyber ​​Guy questions:
New from Cart:
Copyright 2025 cyberguy.com. Unauthorized reproduction is prohibited.
