Devilish devs spawn 287 Chrome extensions to flog your browser history to data brokers
Summary
A security researcher has discovered 287 malicious Chrome extensions, collectively installed 37.4 million times, that exfiltrate users' browsing history. The extensions send visited URLs to over 30 recipients, likely data brokers. This mass collection poses a privacy risk to users.
IFF Assessment
The discovery of numerous Chrome extensions exfiltrating browsing history represents a significant threat to user privacy and security.
Severity
Defender Context
Defenders need to educate users about the risks associated with installing browser extensions and promote the practice of regularly reviewing and auditing installed extensions. Organizations should consider implementing policies to restrict the installation of unapproved extensions. This highlights a broader trend of malicious actors using browser extensions as a vector for data theft and surveillance.