If you use Google Chrome extensions, you should be cautious. Security researchers have found that 16 popular Chrome extensions have been compromised, potentially putting your personal data at risk. These include ad blockers, emoji keyboards, video effects tools, and more.
Which Chrome Extensions Are Affected?
According to a report by GitLab Security (via Notebookcheck), the following extensions have been identified as dangerous:
- Blipshot
- Emojis Emoji Keyboard
- Color Changer for YouTube
- Video Effects for YouTube and Audio Enhancer
- Themes for Chrome and YouTube Picture in Picture
- Mike Adblock für Chrome
- Page Refresh
- Wistia Video Downloader
- Super Dark Mode
- Emoji Keyboard Emojis for Chrome
- Adblocker for Chrome (NoAds)
- Adblock for You
- Adblock for Chrome
- Nimble Capture
- KProxy
- WAToolKit
How Did the Attack Happen?
Hackers managed to take control of the developers’ accounts, allowing them to push malicious updates to these extensions. Some developers were tricked into giving access to their accounts, unknowingly allowing attackers to modify their extensions.
The attack method involved multi-stage processes where hackers bypassed browser security, injected harmful content, and even hid dangerous code outside of the extensions. This makes it harder for traditional security tools to detect the threats.
What Should You Do?
- Uninstall the affected extensions immediately to avoid security risks.
- Update your browser to ensure you have the latest security patches.
- Use a reliable security tool to scan for any malicious activity.
- Be cautious while installing extensions and avoid unknown sources.
GitLab researchers warn that such attacks pose a serious threat, as browsers handle a lot of sensitive information. Stay alert and protect your data from potential risks.