Back to articles

300+ malicious Chrome extensions with 37 million downloads: how to check if you're affected

Security researchers exposed 300+ malicious Chrome extensions with 37.4M downloads stealing data, credentials, and emails. Here's how to protect yourself.

Maxim Kosterin
8 min read

Imagine installing a Chrome extension that looks like a helpful AI assistant — only to find out it's been silently sending your browsing history, Gmail messages, and corporate login sessions to attackers every 60 seconds. That's exactly what happened to 37.4 million users, according to new research published this week.

Security researchers from LayerX Security and Socket Security have identified more than 300 malicious Chrome extensions operating as a single coordinated campaign. Not isolated bad actors. Not a handful of sketchy tools. A full-scale operation targeting everything from your browsing habits to your company's HR platform credentials.

Here's what you need to know and what you can do right now.

What happened: the biggest extension campaign of 2026

According to SecurityWeek and The Hacker News, researchers uncovered a multi-pronged attack operating through the Chrome Web Store. The numbers are staggering:

  • 287 extensions were transmitting users' browsing history or search results to remote servers
  • 153 extensions with 27.2 million installs confirmed to leak browsing data immediately upon installation
  • 30 extensions used iframe injection to steal browser data directly, racking up 260,000+ downloads
  • 15 extensions specifically targeted Gmail, extracting email content
  • 5 extensions infiltrated enterprise HR platforms including Workday, NetSuite, and SAP SuccessFactors

The extensions disguised themselves as useful tools — fake AI assistants claiming to be ChatGPT, Claude, Grok, and Gemini clones, plus various productivity utilities. Researchers linked 32 distinct entities to the data exfiltration network behind the campaign.

How the attacks work

These weren't amateur operations. The researchers described sophisticated techniques designed to evade both automated review and manual inspection.

Remote-controlled interfaces

As Natalie Zargarov from LayerX Security explained to SecurityWeek: "Instead of implementing core functionality locally, they embed remote, server-controlled interfaces inside extension-controlled surfaces." Translation: the extension code that gets reviewed by Google looks clean. The malicious behavior gets loaded later from external servers.

This is a pattern I keep seeing in 2026 — extensions that pass review because they're essentially empty shells at install time. The actual payload arrives after the extension is already installed and trusted.

Credential harvesting on a schedule

The enterprise-focused variants are particularly nasty. According to Socket Security researcher Kirill Boychenko, one cluster of extensions was harvesting authentication cookies every 60 seconds. They specifically targeted session tokens for Workday, NetSuite, and SAP SuccessFactors — the kind of HR platforms where a single compromised session gives access to employee records, payroll data, and organizational structures.

Boychenko also reported that some extensions transmitted TOTP seeds and one-time security codes to an attacker-controlled backend — effectively bypassing two-factor authentication entirely.

Gmail inbox extraction

Fifteen extensions in the campaign specifically went after email data. According to the researchers, these extensions injected content scripts into Gmail's web interface, reading message bodies, sender information, and attachments. If you used any of the identified extensions while logged into Gmail, your email content may have been exfiltrated to servers controlled by the campaign operators.

These weren't extensions that asked for "read your email" permission in an obvious way. They requested broad host permissions (access to "all URLs") that technically allow Gmail access but don't flag it specifically. Unless you read the permissions carefully — and most people don't — you'd never notice.

Iframe injection for silent data capture

Thirty extensions in the campaign used a particularly sneaky technique: iframe injection. Rather than directly accessing page data through content scripts, they injected hidden iframes into the pages you visit. These invisible frames loaded attacker-controlled pages that could capture form data, keystrokes, and login credentials without triggering the browser's built-in security warnings.

This approach is harder to detect because the extension's own code doesn't directly handle sensitive data — the iframe does the dirty work.

Extension spraying

The attackers used a tactic researchers are calling "extension spraying": publishing multiple near-identical extensions under different names, different developer accounts, and slightly different descriptions. If one gets taken down, a dozen more remain live. It's a numbers game, and right now the attackers are winning.

Think of it like whack-a-mole on an industrial scale. Google removes one malicious "AI Chat Helper" and three more pop up under names like "Smart AI Assistant," "GPT Browser Tool," and "AI Writing Buddy" — all running the same payload from the same command-and-control servers.

Why this matters for you

If you're reading this thinking "I only install extensions from the Chrome Web Store, so I'm safe" — that's exactly the assumption these attackers are exploiting. Every single one of these 300+ extensions was distributed through Google's official store.

Here's the uncomfortable truth: the Chrome Web Store review process has clear limitations when it comes to campaigns like this. Extensions with millions of downloads operated undetected for extended periods. The review system catches obvious malware, but sophisticated campaigns that load malicious behavior from remote servers after installation slip through.

This isn't about blaming Google — it's about recognizing that store presence alone isn't a safety guarantee. You need additional layers of defense.

Enterprise teams are especially at risk

If you work in IT security, this campaign should be a wake-up call. Five extensions specifically targeted enterprise HR platforms. Authentication cookies harvested every minute. TOTP seeds exfiltrated. That's not just a privacy issue — it's a potential data breach affecting your entire organization's employee records and financial data.

How to protect yourself

You don't have to wait for Google to catch every bad extension. Here are concrete steps you can take today.

1. Audit your installed extensions right now

Open chrome://extensions/ and look at every extension you have installed. Ask yourself: do I actually use this? Do I remember installing it? If the answer to either is "no," remove it immediately.

Pay special attention to:

  • AI assistant extensions you didn't install from the official product's website
  • Extensions that request access to "all sites" or "read your browsing history"
  • Anything with a generic name like "AI Helper" or "Quick Search Tool"
  • Extensions you installed more than a year ago and haven't thought about since

2. Check permissions, not just ratings

A 4.5-star rating means nothing if the extension has permissions it doesn't need. A simple color picker asking for access to your browsing history? That's a red flag. Use the Extenshi catalog to look up extensions and see their full permission breakdown with risk analysis before you install anything new.

The key permissions to watch for are tabs, webRequest, <all_urls>, and cookies. Any combination of these gives an extension broad access to your browsing data and active sessions.

3. Remove extensions you don't actively use

The average Chrome user has 5-10 extensions installed. Most people actively use 2-3 of them. Every idle extension is attack surface you're not benefiting from. Be ruthless — you can always reinstall something later if you actually need it.

4. Watch for extensions that suddenly change behavior

Some of these malicious extensions started clean and added data exfiltration later through updates. If an extension suddenly asks for new permissions, changes its description, or updates from a new developer account, treat that as a signal to investigate. Chrome shows permission change notifications — don't click "accept" without reading them.

5. For enterprise: implement extension allowlisting

If you manage a fleet of corporate browsers, this campaign makes the case for extension allowlisting. Rather than trying to block every bad extension (impossible at this scale), define an approved list and block everything else. Chrome Enterprise policies support ExtensionAllowedTypes and ExtensionInstallBlocklist to enforce this at the organization level.

Combined with regular audits and a review process for new extension requests, allowlisting is the most effective defense against coordinated campaigns targeting enterprise credentials.

How Extenshi helps you stay ahead

This is exactly the kind of threat that motivated me to build Extenshi. The catalog scans extensions for permission risks, tracks behavioral changes across versions, and flags the patterns that campaigns like this one rely on — excessive permissions, remote code loading, and data exfiltration indicators.

You can look up any extension by name or ID and get a security breakdown before you install. If any of the extensions in this campaign are in our catalog, you'll see their risk flags right on the extension page.

Scan your extensions →


This article is based on publicly available security research and news reporting. Extenshi does not independently verify all claims made by third-party researchers. References to specific companies or products reflect the findings of cited sources and do not constitute accusations of intentional wrongdoing. If you believe any information is inaccurate, please contact us at [email protected].

Related Articles