35 Chrome extensions that look harmless, but are secretly spying on you

Just because an extension has been downloaded thousands of times and looks harmless, doesn't mean it's legitimate. These 35 extensions in the Chrome Web Store are spying on you right under Google's nose — and you need to delete them right now.

Remove These 35 Chrome Browser Extensions Now!

Security researcher John Tuckner found a group of at least 35 extensions using the same pattern, connecting to some of the same servers and requesting the same list of sensitive system permissions. These extensions have a combined total of more than 4 million installs, and 10 of them even have a 'Featured' label on the Chrome Web Store—a badge reserved for verified developers you can trust.

 

Surprisingly, all but one of the extensions are not listed in the Chrome Web Store, meaning they don't appear in the Web Store or search results. It's unclear how they managed to amass such a large number of installs.

The full list of extensions is as follows:

1. Better Browse by SecureSearch
2. Bing Search by Securify
3. Browse Securely for Chrome
4. Browser Checkup for Chrome by Doctor
5. Browser WatchDog for Chrome
6. Check My Permissions for Chrome
7. Choose Your Chrome Tools
8. Cuponomia - Coupon and Cashback
9. Data Shield for Chrome
10. Fire Shield Chrome Safety
11. Fire Shield Extension Protection
12. Global search for Chrome
13. In Site Search for Chrome
14. Incognito Search for Chrome
15. Incognito Shield for Chrome
16. Map Search for Chrome
17. MultiSearch for Chrome
18. News Search for Chrome
19. Privacy Guard for Chrome
20. Private Search for Chrome
21. Protecto for Chrome
22. Safe Search for Chrome
23. Securify Advanced Web Protection
24. Secure for Chrome
25. Secure Kid Protection
26. Secure Your Browser
27. SecuryBrowse for Chrome
28. Total Safety for Chrome
29. Protecto's Unbiased Search
30. Watch Tower Overview
31. Web Privacy Assistant
32. Web Results for Chrome
33. Website Safety for Chrome
34. Ghost's Yahoo Search

 

In a Secure Annex blog post, Tuckner makes clear that extensions claim to have a number of purposes, such as blocking ads, providing better search results, protecting privacy, and, ironically, protecting extensions. While this may help extensions get available in the Chrome Web Store, the underlying code to deliver their claimed purpose is often minimal or absent.

All 35 extensions have obfuscated code, which is not a good sign from a security perspective as it hides the extension's behavior and slows down analysis. The extensions also have the unknown.com domain configured in their background services. The domain is unrelated to the underlying code, but it is useful for linking them.

 

They also request permissions that are beyond the scope of the specific extension's purpose, including:

1. Tab management and interactive access
2. Ability to set and store browser cookies
3. Intercept and modify web requests
4. Store data persistently in the browser
5. Add JavaScript to web pages or manipulate their structure
6. Activate alert
7. Interact with browser activity along with other permissions

As you might expect, these permissions can give extensions a lot of access to your browser and private data, potentially leading to quite serious breaches. Most extensions don't ask for such high-level permissions, meaning that even if they don't use their extensive access for malicious purposes, they still pose unnecessary risks.

This isn't the first security issue involving Chrome extensions. Millions of users have been affected by malicious Chrome extensions in the past. While Google takes Chrome's security seriously, you should always check the safety of a Chrome extension before clicking that install button.