Hackers Hijack 16 Popular Chrome Extensions – 3.2 Million Users at Risk

A major security breach has compromised over 3.2 million Google Chrome users through a network of malicious browser extensions. These extensions, originally designed for ad blocking, dark mode, and screen capturing, were hijacked by hackers who injected harmful scripts, stole user data, and manipulated web activity in real time.

How Did This Happen? 

Security researchers discovered that attackers used a supply chain compromise, infiltrating trusted developer accounts and distributing malicious updates through official browser extension stores. This allowed them to bypass security measures, making the extensions appear safe while secretly performing malicious activities.

List of Affected Extensions

If you have any of these installed, remove them immediately:

• Blipshot (One Click Full Page Screenshots)

• Emojis - Emoji Keyboard

• WAToolkit

• Color Changer for YouTube

• Video Effects for YouTube and Audio Enhancer

• Themes for Chrome and YouTube™ Picture in Picture

• Mike Adblock für Chrome | Chrome-Werbeblocker

• Page Refresh

• Wistia Video Downloader

• Super Dark Mode

• Emoji Keyboard Emojis for Chrome

• Adblocker for Chrome - NoAds

• Adblock for You Adblock for Chrome

• Nimble Capture

• KProxy

What Were These Extensions Doing?

Once compromised, these extensions engaged in:

• Injecting Malicious Scripts – Modifying webpages to show unwanted ads and track user behavior.

• Stealing Sensitive Data – Collecting login credentials and browsing habits.

• Search Engine Fraud – Redirecting users to malicious sites to generate revenue for attackers.

• Modifying HTTP Requests – Allowing unauthorized access to sensitive web sessions.

How to Protect Yourself 

• Uninstall Suspicious Extensions: If you have any of the listed extensions, remove them immediately.

• Check Permissions: Avoid extensions that request excessive permissions, especially "host access" and "scripting."

• Stick to Trusted Developers: Research developers before installing new browser extensions.

• Enable Browser Security Features: Keep Chrome up to date and enable enhanced security settings.

Google has since removed these compromised extensions, but millions of users remain at risk. Stay vigilant and regularly audit your installed browser extensions to avoid falling victim to similar cyber threats.

Final Thoughts

This attack highlights the growing risk of supply chain compromises in browser extensions. As cybercriminals evolve their tactics, staying informed and practicing good cybersecurity habits is more important than ever.

Have you checked your extensions lately? Let us know in the comments!