Google Chrome Privacy Trick
Kurt The CyberGuy explains how to increase security and privacy on your device via Google Chrome when browsing the web.
Chrome extensions are extremely useful whether you block ads, track the best deals, or enhance your browsing experience. These can be downloaded from the Chrome Web Store, which works like the Play Store for extensions. However, extensions are more likely to mimic and become malicious software than apps.
As we reported, over 3.2 million users have been affected by security breaches related to 16 malicious browser extensions.
Now, security researchers have discovered polymorphic attacks that allow malicious Chrome extensions to convert other browser extensions such as password managers, crypto wallets, and banking apps to steal sensitive information.
Learn how this attack works and how to protect yourself from it.
Be protected and informed! Get security alerts and expert technical tips – Sign up for The CyberGuy Report in Cart now
Chrome browser on your smartphone (Kurt “Cyberguy” Knutsson)
How malicious polymorphic attacks work
Security researchers at Squarex Labs have discovered a new attack that allows malicious Chrome extensions to steal sensitive information by disguising legitimate extensions such as password managers, crypto wallets and banking apps. This “polymorphic” attack uses Chrome’s extension system to trick users while staying under the radar.
The attack starts with a hacker uploading what appears to be a harmless extension to the Chrome Web Store. Realistic features like AI-powered marketing tools are even there to convince users to install and pin them in their browsers.
Once installed, the malicious extension will scan the victim’s browser for other extensions. This can be done in two ways. If you have permission to use the “Chrome.Management” API, you will get a list of installed extensions directly. If not, insert the code into the web page to see the unique files or resources associated with the particular extension.
If a target extension, such as 1Password, is found, the malicious extension is reported to the attacker control server. The attacker then tells him to be impersonating the real extension by disabling the permission if it is permitted, changing the name and icon, and displaying a fake login popup that looks real.
Fake extension pages (squarex)
Hidden Costs of Free Apps: Your Personal Information
Social engineering makes things worse
To steal user credentials, the malicious extension will trigger a fake “session expired” prompt when the victim tries to log in to the website. This will lead them to think they will have to re-enter their password manager or banking app credentials. When they do so, the stolen data is sent directly to the attacker.
After collecting the credentials, the extension will return to the original form. It restores legitimate extensions and makes everything look normal, so the victim doesn’t doubt anything. This shows how dangerous malicious Chrome extensions are and why more powerful security measures are needed to protect users.
We contacted Google and a spokesman told Cyberguy, “We’ve been thankful for the work of the research community and received the report. We’re constantly investing in ways to improve the security of our Chrome Web Store.
What is Artificial Intelligence (AI)?
Google Chrome Extensions for Laptop (Kurt “Cyberguy” Knutsson)
Outmart hackers trying to steal your identity
Five Ways to Protect Your Personal Data
Below are five ways to protect sensitive information and maintain online privacy.
1. Keep your browser and extensions up to date: outdated software is Goldmine for cybercrime. You can exploit bugs or security gaps in older versions of your browser or extension to inject malicious code, steal data, and control the system. The update patches these vulnerabilities and makes them an important line of defense. I turn on automatic browser updates (for example, Chrome, Firefox, Edge, etc.) so I’m always running without thinking about the latest version. For more information, see the Keep Your Device and Apps Updated Guide.
2. Install extensions only from trusted sources: Official browser stores such as the Chrome Web Store and Firefox Add-ons have rules and scans to catch bad actors, but they are not perfect. Extensions from random websites or third-party downloads are much more likely to hide malware and spyware. Stick to the official browser store. Do not download extensions from the sketchy links.
Click here to get your Fox business on the go
3. Have powerful antivirus software: The best way to protect yourself from malicious links to install malware is to install antivirus software on all devices as it may access your personal information. This protection can also warn you that it will phish email and ransomware scams and keep your personal information and digital assets safe. Get the best 2025 Antivirus Protection Winners picks for Windows, Mac, Android and iOS devices.
4. Update Password: Change the password for accounts that may have been affected by the extension and use a unique, strong password for each account. Consider using a password manager. This will help you generate and store strong and unique passwords for all your accounts. For more information about my best expert reviewed password managers of 2025, click here.
5. Invest in Personal Data Deletion Services: If your personal data is stolen by extension, it is important to act promptly to reduce the risk of identity theft and fraud. Although there is no service that promises to delete all data from the internet, deleting a deletion service is great if you want to constantly monitor and automate the process of continuously deleting information from hundreds of sites over a long period of time. Please see the top picks for data deletion services.
Massive security flaws put the most popular browsers at risk with MAC
Important points of cart
The malicious extension highlights that Google isn’t doing enough to keep malware away from the platform. Security researchers noted that the Chrome Webstore does not have protection against these types of attacks, such as blocking sudden changes to extension icons and HTML, or at least warning users when such changes occur. This issue is not limited to the Chrome Web Store. The Play Store also occasionally hosts malicious apps, affecting millions of users. Google needs to step up its security efforts and make user privacy the forefront and center.
Click here to get the Fox News app
Do you trust Google to keep malicious apps and extensions from the platform? Please let us know by writing to cyberguy.com/contact.
For more information about my tech tips and security alerts, head to cyberguy.com/newsletter and subscribe to our free Cyberguy Report newsletter.
Please ask your cart or tell us what stories you would like us to cover.
Follow your cart on his social channels:
Answers to the most accused Cyber ​​Guy questions:
New from Cart:
Copyright 2025 cyberguy.com. Unauthorized reproduction is prohibited.
