Security

6 Million Users Beware: Hidden Tracking in Chrome Extensions Unveiled

tuffbrownboy


Tracking function in Fire Shield extension
Finding more extensions phoning the same external domain
Excessive permissions secured by the extensions
One of the risky extensions still hosted on the Web Store

The Alarming Reality of Chrome Extensions with Hidden Tracking Capabilities

Recent discoveries have put a spotlight on a troubling issue affecting 6 million Chrome users. A comprehensive investigation has revealed that 57 Chrome extensions harbor capabilities that pose significant threats to user privacy and security, including browsing behavior monitoring, cookie access for various domains, and potential remote script execution.

Unlisted and Hard to Trace

These deceptive extensions are not available through Chrome Web Store searches or indexed by standard search engines. The only way to install these covert tools is by accessing a direct URL, often distributed via suspicious ads or malicious websites.

Double Agents: Privacy Tools or Surveillance Gear?

Among these extensions, ostensibly designed to offer ad-blocking or privacy enhancement, are hidden functions that grant them overly broad permissions to:

  • Access and read cookies, including authorization data
  • Track user browsing activities
  • Alter search engine settings and results
  • Inject and execute remote scripts on visited web pages
  • Activate remote tracking features

Though no direct evidence of password or cookie theft has been confirmed, the presence of complex and concealed code within these extensions raises red flags regarding potential exploitation for spyware purposes.

Indicators of a Larger Scheme

Further analysis by John Tuckner from Secure Annex led to the identification of multiple extensions associated with a suspicious domain, significantly escalating the risk and scale of this privacy issue. Detailed in his blog post, these findings suggest a coordinated effort to exploit browser security.

Public Deception: The Topmost Downloaded Extensions

The following is a list of the most downloaded questionable extensions that users are urged to uninstall immediately:

  1. Cuponomia – Coupon and Cashback (700,000 users, public)
  2. Fire Shield Extension Protection (300,000 users, unlisted)
  3. Total Safety for Chrome™ (300,000 users, unlisted)
  4. Protecto for Chrome™ (200,000 users, unlisted)
  5. Browser WatchDog for Chrome (200,000 users, public)
  6. Securify for Chrome™ (200,000 users, unlisted)
  7. Browser Checkup for Chrome by Doctor (200,000 users, public)
  8. Choose Your Chrome Tools (200,000 users, unlisted)

In response to these unsettling discoveries, Google and BleepingComputer have been notified, with investigations currently ongoing into the activities of these extensions.

Related: Top Security Frameworks Used by CISOs in 2025

Last Updated: April 17, 2025

Post Views: 15

Related Posts