Researchers discovered more than 300 Chrome extensions that leak browsing data, spy on users, or steal information, impacting over 37.4 million users. Investigations by Q Continuum and LayerX link many extensions to coordinated operations, data brokers, and known spyware distributors, with some extensions specifically targeting Gmail and injecting remote iframes to exfiltrate content. #QContinuum #LayerX
Keypoints
- Analysis found 287 extensions transmitting browsing history or SERP data.
- Over 37.4 million users are affected, with 27.2 million installing 153 confirmed history-leaking extensions.
- Q Continuum linked the extensions to 32 entities and observed potential involvement of a data broker.
- LayerX identified 30 malicious extensions (260,000+ downloads) that inject iframes and share identical internal structures.
- Fifteen extensions were seen specifically targeting Gmail to extract and transmit email content.