
Most people don’t think twice before adding a browser extension. It promises convenience, saves time, or offers a free version of something they’d otherwise pay for. That’s exactly what makes the threat so quietly effective.
According to the LayerX Annual Browser Security Report 2024, roughly one third of all extensions within an organization pose a high risk, with about one percent of installed extensions known to be malicious. That one percent sounds small until you realize the scale involved. A Stanford University study evaluated extension safety in the Chrome Web Store and identified thousands of “security-noteworthy extensions” containing malware, violating privacy policies, or carrying known vulnerabilities.
Alarmingly, these risky extensions often remained available for years, accumulating millions of installs. Over a three-year period, more than 346 million users installed such extensions.
1. Free VPN Extensions

The appeal is obvious: free, instant privacy with a single click. The reality, according to multiple security researchers, is quite different. Free VPN extensions promise privacy, speed, and global access with one click. For millions of users, they feel like an easy way to bypass restrictions or hide IP addresses without paying for a subscription. But that promise often hides a tradeoff: if the product is free, your data becomes the product.
Users installing free VPN services face substantial risks, as operators can intercept all traffic, harvest credentials, and conduct targeted follow-up attacks while maintaining complete remote control over compromised browsers. The documented cases are striking. FreeVPN.One, launched in 2020, was a seemingly legitimate Chrome VPN extension until an update to version 3.0.3 in April 2025, at which point the developer added a permission enabling the extension to access every site a user visited.
With a later version, the extension started silently capturing screenshots of users’ online activity and collecting and exfiltrating sensitive personal information, including private pictures sent to FreeVPN.One’s backend. Risks of using such extensions span from traffic interception and stealthy redirection to dangerous phishing pages, to persistent remote control, severe privacy breaches, and profiling.
2. Fake AI Productivity Tools

Researchers uncovered Chrome extensions posing as AI productivity tools that secretly harvested conversations from platforms like ChatGPT and DeepSeek, along with browsing activity. These weren’t obscure niche tools. OX Security researchers found that more than 900,000 Chrome users unknowingly exposed sensitive AI conversations after installing malicious browser extensions masquerading as legitimate productivity tools.
A coordinated campaign involved 32 extensions disguised as AI assistants for summarizing content, chatting, writing, and helping with Gmail. They were downloaded more than 260,000 times. All of them were collecting sensitive data and sending it to remote servers controlled by attackers. The theft was methodical. One particularly concerning group of extensions impersonated a legitimate AI tool called AITOPIA. These copycats looked identical to the real extension, provided the same functionality, but secretly exfiltrated ChatGPT and DeepSeek conversations every 30 minutes.
The FIDO Alliance 2025 Authentication Trends Report highlights that more than half of GenAI-enabled extensions demand high-risk access to browsing data. That is a meaningful proportion given how quickly AI tools have become part of everyday workflows.
3. Extensions That Impersonate Popular Brands

Impersonation has become one of the most scalable attack methods in the browser extension space. Brand impersonation creates confusion by design. Attackers create fake extensions with names like “ChatGPT for Chrome,” “Free VPN Pro,” or “AdBlock Plus Extra” that look almost identical to legitimate tools. The names are similar enough that users don’t notice the difference. The icons match. The descriptions sound right. They’re completely different extensions controlled by criminals.
An unknown threat actor was attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis assistants, VPN services, crypto, and banking tools to direct users to install corresponding malicious extensions.
LayerX identified over 40 malicious browser extensions that are part of three distinct phishing campaigns, many of which were still available for download from the Chrome Web Store. The extensions were designed to impersonate popular tools and brands, raising the possibility that they may have been auto-generated using AI tools. The speed at which these fakes can now be produced is part of what makes them so difficult to contain.
4. “Sleeper” Extensions That Turn Malicious via Updates

Perhaps the most unsettling category is extensions that were genuinely safe for years before quietly flipping. In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into malware via silent updates. In total, about 4.3 million users installed these once-legitimate add-ons, which suddenly went rogue with spyware and backdoor capabilities.
One of the worst capabilities was session cookie and token theft, stealing the authentication tokens that websites use to keep users logged in. The extensions could even impersonate entire SaaS accounts like Microsoft 365 or Google Workspace by hijacking those session tokens. The mechanism enabling all of this is something most users never think about. Because extension updates happen automatically in the background, the attackers were able to push out malicious code without users noticing a thing. A trusted add-on can become malicious overnight with no obvious warning.
These attacks highlight that the automatic update mechanism is a particular risk surrounding browser extensions, especially when effective control of the extension may have invisibly changed between updates. WeTab operated cleanly for years before turning malicious in 2024. Users had no reason to suspect anything was wrong until it was too late.
5. Urban VPN and Similar “Featured” Extensions Caught Harvesting Data

Having a “Featured” badge from Google is no longer a reliable safety signal. A recent investigation by the research team at Koi uncovered that the popular Chrome extension Urban VPN Proxy, with over 6 million installs and a “Featured” badge from Google, was silently harvesting conversations from major AI platforms, including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok, and Meta AI.
Starting with version 5.5.0 released on July 9, 2025, Urban VPN Proxy began intercepting and exfiltrating user interactions with AI assistants even when the VPN was turned off. The extension injects scripts into visited AI sites and overrides critical browser APIs, such as fetch() and XMLHttpRequest. The broader reach was significant. Several related extensions, including 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker, contained the same embedded AI data-collection scripts. Combined, these Chrome and Edge extensions affected more than 8 million users. Despite these findings, all but one of these extensions retained their “Featured” status on the Chrome Web Store and Microsoft Edge Add-ons.
Google’s review system, intended to verify safety and privacy compliance, failed to detect or act upon this behavior, even though the collection directly violated Chrome’s Limited Use Policy, which prohibits sharing user data with data brokers.
6. Free Coupon and Shopping Extensions

Extensions like shopping assistants and coupon finders sit at an awkward intersection: they need deep browser access to work as advertised, which also makes them capable of substantial surveillance. They need to detect checkout pages, apply promo codes, and track purchases for cashback. This means they often see what sites you visit and what you’re buying. When misused, this access could lead to privacy breaches, intrusive ads, or even data sales.
Analysis of Honey’s data practices showed that the extension collects history data on a large scale, contrary to what its own privacy policy stated. Data protection complaints were subsequently submitted with relevant authorities. The structural issue is that extensions can see every website you visit, everything you type, and all products you view. Reputable extensions claim to collect only shopping-related data, but users must verify through the privacy policy.
In order to function, shopping extensions need to be able to read content from the webpage a user is visiting, and they also have to be able to alter webpage content to show price alerts and apply coupon codes. This is a lot of power to give to a piece of software, and so it’s important to consider the potential risks.
The Bigger Picture: Why the Extension Threat Has Escalated

What’s changed in recent years isn’t just the number of bad extensions. It’s the sophistication of how trust is built and then exploited. ENISA documented a surge in attacks leveraging malicious browser extensions in late 2024, highlighting a campaign that compromised multiple companies’ Chrome extensions and notably targeted extensions tied to AI and VPN themes. Public reporting described the same campaign pattern: extension developer targeting, followed by malicious updates published through official distribution channels.
Because extensions are integrated directly into browser applications and don’t generate process start events, security issues can be more difficult to detect compared to traditional desktop applications. This gap enables threat actors to “hide in plain sight,” carrying out harmful activities without detection for significant periods of time. The supply chain angle has become especially prominent. Supply chain attacks, such as the Cyberhaven compromise in 2024, have emerged where adversaries compromise trusted developer accounts using social engineering and OAuth token abuse to deploy malicious updates.
Research from Hoplon Infosec’s 2025 Browser Security Report reveals that outdated extensions have become a primary attack vector, with more than half of all extensions not receiving updates in over a year. This leaves vulnerabilities unpatched and systems exposed to potential attacks.
What the Supply Chain Attack on Cyberhaven Revealed

In December 2024, hackers compromised at least 35 Google Chrome extensions, affecting approximately 2.6 million users. The attack exploited phishing emails sent to developers, masquerading as Google policy violation notices. Once developers were tricked, the consequences cascaded. Once authorized, the attackers gained control over the extensions, injecting malicious code to steal user data, particularly targeting Facebook credentials and business accounts.
In December 2024, a threat actor conducted a software supply chain attack using compromised developer accounts to distribute malicious browser extension updates from the Chrome Web Store. The threat actor compromised the developer accounts via phishing and updated extensions with code that exfiltrated data from HTTP headers and DOM content based on a dynamic configuration.
Removal from the Chrome Web Store will not trigger automatic uninstalls, so impacted users must manually remove the extensions. That detail matters more than it seems. Millions of users who saw news coverage may never have taken action, leaving a compromised extension running silently in their browser.
How Malicious Extensions Steal Your Data, Step by Step

Keylogging is straightforward but devastating. The extension records every keystroke made, capturing usernames, passwords, credit card numbers, and anything else typed into websites. This data gets packaged up and sent to the criminals’ servers, often in real-time.
Cookie theft is more subtle but equally dangerous. When you log into a website, it stores a cookie in your browser that keeps you logged in. Malicious extensions steal these cookies, allowing hackers to access your accounts without needing your password. You remain logged in and might not notice anything wrong while someone else is simultaneously accessing your email, bank account, or social media.
Once stolen, this data gets sold on dark web marketplaces, used for identity theft, leveraged for corporate espionage, or exploited for financial fraud. For enterprise environments, a single compromised extension can open up the entire organization. The threat is even more extensive now that organizations predominantly operate on a software-as-a-service model. The current workforce spends a significant part of the day in the browser, and an influx of sensitive data is stored in the browser on a daily basis.
The DarkSpectre Campaign: One Threat Actor, Millions of Victims

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, was attributed to a third attack campaign codenamed DarkSpectre that impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor tracked under the moniker DarkSpectre. Collectively, the campaigns affected over 8.8 million users spanning a period of more than seven years.
The most recent discovery, The Zoom Stealer, is the third such campaign from DarkSpectre, employing a set of 18 extensions across Chrome, Edge, and Firefox for facilitating corporate intelligence by collecting online meeting-related data like meeting URLs with embedded passwords, meeting IDs, topics, descriptions, scheduled times, and registration status.
The second campaign, GhostPoster, is mostly focused on Firefox users, targeting them with seemingly harmless utilities and VPN tools to serve malicious JavaScript code designed to hijack affiliate links, inject tracking code, and commit click and ad fraud. The breadth of tactics here is notable. This wasn’t a blunt, obvious attack. It was methodical, patient, and spread across multiple browsers simultaneously.
What Cybersecurity Experts Recommend

More extensions equals more risk. To reduce the attack surface and limit potential vulnerabilities, users should install only essential browser extensions. It is also important to regularly review and uninstall extensions that are no longer in use or whose functionality overlaps with another tool.
Permissions should align with the intended functionality of the extension and be limited only to the data needed to perform that specified task. Excessive permissions are an important warning sign, whether a red flag for a legitimate extension or a tell-tale sign of a malicious one. An innocuous but over-permissioned extension is only an update away from becoming malware.
User ratings were found to be unreliable indicators of safety, as dangerous extensions frequently maintained high ratings. Ratings could be manipulated and artificially inflated by filtering negative user feedback. DomainTools found evidence of extensions impersonating DeepSeek that redirected users providing low ratings to a private feedback form, while sending those providing high ratings to the official Chrome Web Store review page.
A Measured Takeaway

AI Disclaimer: This article was created with the assistance of AI tools and reviewed by a human editor.

