Leaky Chrome extensions with 37M installs caught divulging your browsing history
Summary
A security researcher has discovered that 287 Chrome extensions, with an estimated 37 million installations, are transmitting users' browsing histories to external servers. The leaky extensions span various categories, including VPNs, productivity tools, and shopping add-ons, and are associated with actors like Similarweb and smaller data brokers.
IFF Assessment
The article describes a widespread privacy issue affecting millions of Chrome users, which is detrimental to defenders and users alike.
Severity
Defender Context
This highlights the risk of browser extensions and the need for robust extension security policies and monitoring. Defenders should educate users about the dangers of granting broad permissions to extensions and encourage regular audits of installed extensions. This also underscores the trend of data brokers collecting and monetizing user browsing data.