Millions at Risk: Chrome Browser Extensions Caught Snooping on Users

If you thought browser extensions were just helpful little tools for blocking ads or checking your grammar, it’s time for a reality check. Chrome, the world’s most popular browser, is under the spotlight after a fresh report flagged 35 new suspicious extensions that have been snooping on millions of users. These add-ons aren’t just annoying adware—they’re potentially a full-on privacy nightmare.

A recent investigation by John Tuckner from Secure Annex discovered that these extensions, many of which aren’t even listed on the Chrome Web Store, have been installed over 4 million times. Some masquerade as search helpers or ad blockers, but under the hood, they share code patterns, connect to the same servers, and ask for all kinds of sensitive permissions—like reading your web traffic, accessing your cookies, and managing your tabs. In other words, they can basically shadow your every online move.

What’s even scarier is that at least ten of these extensions carried Google’s "Featured" badge, the same badge that’s supposed to signal trustworthiness and safety. That badge is starting to look more like a participation trophy than a true seal of approval.

These extensions don’t just hang around doing nothing. Some act completely innocent until triggered, quietly sending your data back to who-knows-where. For instance, Fire Shield Extension Protection only started spilling browsing activity after a researcher poked it with a specific extension ID. Most users wouldn’t spot this sneaky behavior until it’s way too late.

Although the full list of these sketchy extensions isn’t public, researchers warn that if you’ve installed any unfamiliar add-ons lately—especially from direct links instead of the Chrome Web Store—it’s time to hit the uninstall button.

So, what can you do to protect yourself? Here are some quick-fire tips to keep your online life a little less exposed:

• Keep your browser up to date. Automatic updates are your friend—they patch up security holes before troublemakers can exploit them.
• Only install extensions from trusted sources. The Chrome Web Store isn’t perfect, but it’s a safer bet than random sites.
• Use solid antivirus software. It can catch shady add-ons before they mess with your system.
• Be skeptical of permission requests. If a calculator extension wants to read your browsing history, it’s probably not just crunching numbers for you.
• Change your passwords if you think you’ve been compromised. And use a dedicated password manager—not the one built into your browser.

The fact that several of these extensions got the Google "Featured" badge just proves that even the big tech gatekeepers can drop the ball. Millions of users trusted those badges, and in the end, their privacy got traded for a false sense of security. It’s a loud wake-up call for Google to step up its review game and for all of us to think twice before clicking "Add to Chrome." After all, your next productivity booster could be a privacy buster in disguise.