McAfee Researchers Spot Malicious Chrome Extensions

Bree Fowler Senior Writer
Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, wannabe runner and champion baker of over-the-top birthday cakes and all-things sourdough.
Expertise cybersecurity, digital privacy, IoT, consumer tech, smartphones, wearables
Bree Fowler
2 min read
Google's Chrome browser

McAfee researchers say consumers should be cautious when downloading browser extensions.

James Martin/CNET

What's happening

McAfee researchers spotted five Chrome extensions that were tracking user browser activity without their knowledge. They were downloaded a combined 1.4 million times before Google removed them from its store.

Why it matters

Keeping malicious extensions completely out is a close-to-impossible task, so consumers need to be cautious when installing any kind of browser extension.

Google removed a handful of browser extensions from its Chrome Web Store that were downloaded a combined 1.4 million times after outside cybersecurity researchers determined that the extensions were surreptitiously tracking the online activities of their users. 

In a blog post published this week, McAfee researchers singled out five extensions that allow users to do things like watch Netflix shows together, track deals on retail sites and take screenshots of websites. The problem was, in addition doing what they promised, the extensions tracked their users' browser activity.

"The users of the extensions are unaware of this functionality and the privacy risk of every site being visited being sent to the servers of the extension authors," the researchers wrote in their blog post.  

According to McAfee, every website a user visited was sent to the extension's creator so that code could be inserted into the e-commerce sites users visited, allowing the extension's authors to receive affiliate payments for any items the user bought.

A Google spokesman confirmed Wednesday that all five of the extensions pointed out in the McAfee report have been removed from the Chrome extension store.

Extensions are add-ons consumers can download and use to modify browsers like Chrome, Safari and Firefox. The bits of software can do things like block ads, integrate with password managers and find coupons as you put items into your shopping cart. One extension lets users change their mouse curser from an arrow to something more fun like a sword or a slice of pizza.

Much like the apps available for smartphones , there are well over 100,000 extensions available just for Chrome, along with more for the other browsers. While Google and the other providers say they scrutinize all of the extensions available in their stores, inevitably some malicious extensions do manage to sneak in.

Earlier this year, McAfee researchers spotted several imposter Netflix party Chrome extensions that redirected users to phishing sites and stole the personal information of users, though they appear to have only been installed a combined 100,000 times.

While an extension that's popular enough to have been downloaded hundreds of thousands of times may look legit, the McAfee researchers said their research shows that's not always the case. They said consumers should be cautious when it comes to extensions and take a good look at what kinds of data an extension is requesting to access before installing it.

Specifically, they said consumers should take extra steps to make sure an extension is authentic if it asks for permission to run on every website listed, like the recently spotted malicious extensions did.