Google Chrome users are advised to delete 16 “malicious” browser extensions, according to a report by cloud security firm GitLab Threat Intelligence. These extensions include Emojis, Colour Changer for YouTube, Themes for Chrome and others that have functionality around screen capture, ad blocking and emoji keyboards.
These extensions could be affecting at least 3.2 million users, the report stated.
The firm decided to investigate publicly available browser extensions after a threat actor ran a software supply chain attack via compromised developer accounts to spread malicious browser extension updates from the Chrome Web Store in December 2024. The extensions were updated with code that removed data from HTTP headers and DOM content from developer accounts to compromise them.
Malicious extensions can normally steal personal data like our browsing history, passwords or even payment details that are stored.
GitLab said that they informed Google about these extensions in January post which the search giant took them down from the Chrome Web Store. This won’t however automatically uninstall them so users should manually remove them.
Published - March 03, 2025 11:44 am IST
