Just because an extension has been downloaded thousands of times and looks harmless, doesn’t mean it’s legit. These 35 extensions on the Chrome Web Store are spying on you right under Google’s nose—and you need to remove them now.
Delete These 35 Chrome Browser Extensions Now
Security researcher John Tuckner found a cluster of at least 35 extensions using the same code patterns that connect to some of the same servers and require the same list of sensitive system permissions. The extensions have over 4 million installs collectively, and ten even have the “Featured” designation on the Chrome Web Store—a badge reserved for verified developers that you can trust.
Surprisingly, all extensions except one are unlisted in the Chrome Web Store, meaning they don’t appear in the Web Store or search results. It’s unclear how they were able to gather such a large number of installs.
The full list of extensions is as follows:
- Better Browse by SecurySearch
- Bing Search by Securify
- Browse Securely for Chrome
- Browse Securely for Chrome
- Browser Checkup for Chrome by Doctor
- Browser WatchDog for Chrome
- Check My Permissions for Chrome
- Choose Your Chrome Tools
- Cuponomia – Coupon and Cashback
- Data Shield for Chrome
- Fire Shield Chrome Safety
- Fire Shield Extension Protection
- Global search for Chrome
- In Site Search for Chrome
- Incognito Search for Chrome
- Incognito Shield for Chrome
- Map Search for Chrome
- MultiSearch for Chrome
- News Search for Chrome
- Privacy Guard for Chrome
- Private Search for Chrome
- Protecto for Chrome
- Safe Search for Chrome
- Securify Advanced Web Protection
- Securify for Chrome
- Securify Kid Protection
- Securify Your Browser
- SecuryBrowse for Chrome
- Total Safety for Chrome
- Unbiased Search by Protecto
- Watch Tower Overview
- Web Privacy Assistant
- Web Results for Chrome
- Website Safety for Chrome
- Yahoo Search by Ghost
In a Secure Annex blog post, Tuckner explains that the extensions claim to serve purposes such as ad blocking, better search results, privacy protection, and, ironically, extension protection. While this likely keeps the extensions available on the Chrome Web Store, the underlying code to power their claimed purpose is often minimal or missing entirely.
All 35 extensions have their code obfuscated, which is not a good sign from a security perspective, as it conceals the extension’s behavior and slows down analysis. The extensions also have the domain unknow.com configured in their background services. The domain has no relevance in the underlying code, but it’s useful for linking the extensions to one another.
They also request permissions that are beyond the scope of what a particular extension aims to do, including:
- Tab management and interaction access
- Ability to set and store browser cookies
- Intercept and modify web requests
- Store data persistently in the browser
- Inject JavaScript into websites or manipulate their structure
- Trigger alerts
- Interact with browser activity alongside other permissions
As you can probably guess, these permissions can give an extension a lot of access to your browser and private data, potentially resulting in a rather damaging breach. Most extensions don’t require such high-level permissions, meaning that even if they’re not using their extended access for something malicious, they still present unnecessary risk.
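To check an unpacked extension for the two traits described above (the over-broad permission set and the shared unknow.com reference), here is an added example that is not code from this article or from Tuckner's post. The mapping of the listed capabilities to Chrome permission names, the review threshold, and the sample manifests are assumptions made for illustration.

```python
import json

# Assumed mapping from the capabilities listed above to Chrome manifest permission names.
SENSITIVE = {"tabs", "cookies", "webRequest", "storage", "scripting", "alarms", "management"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
LINK_DOMAIN = "unknow.com"  # domain the article says is configured in every extension
MIN_SENSITIVE = 4           # review threshold chosen for this example (assumption)

def audit_extension(manifest_text, source_files):
    """Audit one unpacked extension: manifest JSON text plus {filename: source text}."""
    manifest = json.loads(manifest_text)
    requested = set()
    for key in ("permissions", "optional_permissions"):
        requested |= {p for p in manifest.get(key, []) if isinstance(p, str)}
    # Manifest V3 lists host patterns separately; Manifest V2 mixes them into permissions.
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in requested if "://" in p or p == "<all_urls>"}
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    sensitive = sorted(requested & SENSITIVE)
    broad = sorted(hosts & BROAD_HOSTS)
    # Search the manifest and every shipped source file for the linking domain.
    files = dict(source_files, **{"manifest.json": manifest_text})
    domain_hits = sorted(name for name, text in files.items() if LINK_DOMAIN in text.lower())
    review = bool(domain_hits) or (len(sensitive) >= MIN_SENSITIVE and bool(broad))
    return {"name": manifest.get("name", "?"), "sensitive": sensitive,
            "broad_hosts": broad, "domain_hits": domain_hits, "review": review}

# Constructed sample inputs (not taken from any real extension).
SUSPECT_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Sample Shield",
    "permissions": ["tabs", "cookies", "webRequest", "storage", "scripting", "alarms"],
    "host_permissions": ["<all_urls>"],
    "background": {"service_worker": "bg.js"},
})
SUSPECT_FILES = {"bg.js": "const cfg = 'https://unknow.com/'; /* constructed */"}
BENIGN_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Sample Notes",
    "permissions": ["storage"], "host_permissions": ["https://notes.example/*"],
})

if __name__ == "__main__":
    for text, files in ((SUSPECT_MANIFEST, SUSPECT_FILES), (BENIGN_MANIFEST, {})):
        print(audit_extension(text, files))
```

A `review` result means the extension deserves a manual look, not that it is malicious; legitimate extensions can also request several of these permissions.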
This is far from the first security incident with Chrome extensions. Millions of users have been affected by malicious Chrome extensions in the past. While Google does take Chrome’s security seriously, it’s worth checking the safety of Chrome extensions before you click that install button.