
Security researchers have discovered 11 malicious Google Chrome extensions that have collectively been downloaded over 1.7 million times. These extensions, available on the Chrome Web Store, are capable of tracking user activity and redirecting users to dangerous websites. The threat was first identified by cybersecurity experts at Koi Security and reported by Bleeping Computer.
The malicious extensions disguised themselves as popular tools such as VPNs, emoji keyboards, and sound boosters. With positive user reviews and prominent listings, many users installed them without suspicion. However, the extensions were later updated with harmful code, turning once-safe tools into security risks. Some have been removed by Google, but others are still available for download.
According to Koi Security, the issue lies in the background service workers of these extensions. When users visit new web pages, these service workers quietly capture the URLs and send them to a remote server. Each user is assigned a unique tracking ID, and the server could potentially redirect them to unsafe websites, increasing the risk of cyberattacks.
While no active redirection has been confirmed so far, the silent addition of malicious code through Google’s auto-update system is worrying. Users were not notified or asked for permission when these updates were installed, suggesting a possible compromise by external actors. A similar issue has been found on Microsoft Edge, where malicious extensions were downloaded over 600,000 times.
This large-scale browser hijacking campaign has now affected more than 2.3 million users across Chrome and Edge. Koi Security strongly advises users to uninstall the listed extensions immediately, clear their browsing data, and run malware scans. Users should also stay alert for unusual account activity or unauthorized access.
Some of the harmful Chrome extensions include:
- Color Picker, Eyedropper — Geco colorpick
- Emoji Keyboard Online — Copy&paste your emoji
- Volume Max — Ultimate Sound Booster
- Unlock Discord — VPN Proxy
- Unblock TikTok
- Dark Theme — Dark Reader
Removing these tools is crucial to protect personal data and online security, especially as new threats continue to emerge.
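To check a machine against the behaviour described above, the following added example (not code from Koi Security or from the article) reads the `manifest.json` of each installed extension and flags two things: a name that appears on the article's partial list, and a background script or service worker combined with permissions that let it see the URLs a user visits. The second flag is a capability indicator for triage, not a verdict, since many legitimate extensions request the same permissions. The path to the profile's `Extensions` directory is supplied by the caller, and the finding labels are made up for this example.

```python
import json
import sys
from pathlib import Path

# Names copied from the article's (partial) list of reported Chrome extensions.
LISTED_NAMES = [
    "Color Picker, Eyedropper — Geco colorpick",
    "Emoji Keyboard Online — Copy&paste your emoji",
    "Volume Max — Ultimate Sound Booster",
    "Unlock Discord — VPN Proxy",
    "Unblock TikTok",
    "Dark Theme — Dark Reader",
]
URL_PERMS = {"tabs", "webNavigation"}  # permissions that expose visited URLs
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def _norm(name):
    """Lower-case and collapse dashes/whitespace so name variants compare equal."""
    for dash in ("—", "–", "-"):
        name = name.replace(dash, " ")
    return " ".join(name.lower().split())

_LISTED = {_norm(n) for n in LISTED_NAMES}

def assess_manifest(manifest):
    """Return triage findings (labels are this example's own) for one manifest."""
    findings = []
    # Localised names ("__MSG_...__") are not resolved here and will not match.
    if _norm(str(manifest.get("name", ""))) in _LISTED:
        findings.append("name-on-article-list")
    bg = manifest.get("background") or {}
    has_background = bool(bg.get("service_worker") or bg.get("scripts"))
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = perms | {h for h in manifest.get("host_permissions", []) if isinstance(h, str)}
    if has_background and (perms & URL_PERMS or hosts & BROAD_HOSTS):
        findings.append("background-can-see-urls")
    return findings

def scan_extensions_dir(ext_dir):
    """Walk <ext_dir>/<extension id>/<version>/manifest.json; return {id: findings}."""
    report = {}
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        findings = assess_manifest(manifest) if isinstance(manifest, dict) else []
        if findings:
            report[path.parent.parent.name] = findings
    return report

if __name__ == "__main__" and len(sys.argv) > 1:
    print(json.dumps(scan_extensions_dir(sys.argv[1]), indent=2))
```

Run it with the profile's `Extensions` directory as the only argument; the keys in the output are the extension IDs, which can be looked up on the browser's extensions page before uninstalling.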