287 Chrome Extensions Leak Private Browsing Data of 37.4 Million Users
A new investigation by security researcher Q Continuum has revealed that 287 Google Chrome extensions are actively harvesting the private browsing histories of approximately 37.4 million users. The report highlights how tools that appear “harmless,” such as ad blockers and search assistants, are being used to collect sensitive data and sell it to corporations and data brokers.
How the Data is Collected
The research team employed a man-in-the-middle proxy to monitor outgoing data from Chrome extensions. Using Docker to simulate real browsing behavior, they scanned the top 32,000 apps on the Chrome Web Store.
Key findings include:
- Many extensions send user data in plain text or only lightly obscure it, using Base64 encoding or AES-256 encryption.
- Some extensions wait until users accept privacy policies before transmitting data.
- The 37.4 million figure is likely conservative, with actual numbers potentially higher.
The collected data includes Google search URLs, user IDs, and browsing history, which are detailed enough to be de-anonymized and linked to real identities.
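The proxy-side check the investigation relied on can be reproduced in a few lines. The following is an added example, not the researchers' tooling: it takes requests captured from a MITM proxy (represented here as constructed dicts), keeps only those initiated by a chrome-extension:// origin, and flags bodies that carry a URL the simulated user visited, whether verbatim or wrapped in a Base64 token.

```python
import base64
import json
import re
from urllib.parse import urlparse

# Long runs of the Base64 alphabet are candidate encoded payloads.
_B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def _decoded_views(body):
    """Yield the raw body, then every Base64 token in it decoded to text."""
    yield body, "plaintext"
    for tok in _B64_TOKEN.findall(body):
        try:
            padded = tok + "=" * (-len(tok) % 4)
            yield base64.b64decode(padded, validate=True).decode("utf-8"), "base64"
        except (ValueError, UnicodeDecodeError):
            continue  # not real Base64, or not text once decoded


def find_history_leaks(requests, visited_urls):
    """Return (extension_id, destination_host, leaked_url, encoding) tuples.

    A request counts as a leak when an extension origin sent it and its body
    contains one of the visited URLs, either as-is or inside a Base64 token.
    """
    leaks = []
    for req in requests:
        initiator = req.get("initiator", "")
        if not initiator.startswith("chrome-extension://"):
            continue  # the page's own traffic is out of scope here
        ext_id = urlparse(initiator).netloc
        dest = urlparse(req["url"]).netloc
        for view, encoding in _decoded_views(req.get("body", "")):
            for visited in visited_urls:
                if visited in view:
                    leaks.append((ext_id, dest, visited, encoding))
    return leaks


# Constructed sample: one visited URL and four captured requests.
VISITED = ["https://intranet.example.com/finance/q3-report"]
EXT_A, EXT_B, EXT_C = "a" * 32, "b" * 32, "c" * 32  # placeholder extension IDs
SAMPLE_REQUESTS = [
    {"initiator": f"chrome-extension://{EXT_A}", "url": "https://collector.example.net/t",
     "body": json.dumps({"u": VISITED[0]})},                       # plaintext leak
    {"initiator": f"chrome-extension://{EXT_B}", "url": "https://stats.example.org/p",
     "body": "ev=" + base64.b64encode(VISITED[0].encode()).decode()},  # Base64 leak
    {"initiator": "https://intranet.example.com/", "url": "https://intranet.example.com/api",
     "body": json.dumps({"u": VISITED[0]})},                       # site's own request
    {"initiator": f"chrome-extension://{EXT_C}", "url": "https://update.example.com/v",
     "body": json.dumps({"version": "1.2.3"})},                    # benign telemetry
]
```

Run against real captures, this only catches the two encodings the report names; a check for AES-wrapped bodies would instead have to key off destination reputation or payload entropy, since the URL is not recoverable from the wire.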
Major Corporations Receiving Data
While some extensions are created by small developers, many are connected to large companies, including:
- Similarweb (extensions affecting ~10.1 million users)
- Alibaba Group
- ByteDance
- Semrush
- Big Star Labs
Interestingly, around 20 million users could not be linked to a specific company, suggesting that shell companies or third-party analytics partners may be involved.
Popular Extensions Implicated
Some well-known tools were flagged, including:
- Stylish (custom theme tool)
- Ad Blocker: Stands AdBlocker
- Poper Blocker, CrxMouse, and Block Sit
- SimilarWeb – Website Traffic & SEO Checker
The investigation found that some extensions are sold or repurposed to function as data-harvesting tools, and multiple extensions may be used to mask the collection process.
Privacy Implications
The study emphasizes a transparency gap in the Chrome Web Store. Users often do not anticipate or understand how their data is being harvested.
John Carberry, Solution Sleuth at Xcape Inc., commented that:
- The extension ecosystem acts as a “vast, legalized surveillance system.”
- Businesses may be exposed because full URLs can reveal internal corporate domains, session tokens, and sensitive cloud resources.
- Users are often paying for “free” products with their data instead of money, highlighting the hidden cost of privacy in the digital economy.
Recommendations for Users
- Be cautious when installing free extensions, even if they appear legitimate.
- Regularly review the permissions requested by Chrome extensions.
- Limit sensitive activity in browsers where multiple extensions are installed.
- Consider paid alternatives that are explicitly privacy-focused.
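"Review the permissions" is easier with a script than by eye. This added example (not from the investigation) audits an extension's manifest.json for the permissions and host patterns that make history collection possible; the manifest keys and permission names are Chrome's real ones, the two sample manifests are constructed.

```python
# Permissions that let an extension observe every page the user visits.
HISTORY_CAPABLE = {
    "tabs": "can read the URL and title of every open tab",
    "history": "can read the full browsing history",
    "webRequest": "can observe every network request the browser makes",
    "webNavigation": "receives an event, with URL, for every navigation",
}
# Host patterns that grant access to all sites.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return human-readable findings for history-capable grants in a manifest."""
    findings = []
    perms = manifest.get("permissions", [])
    for perm in perms:
        if perm in HISTORY_CAPABLE:
            findings.append(f"permission '{perm}': {HISTORY_CAPABLE[perm]}")
    # MV2 listed host patterns under "permissions"; MV3 uses "host_permissions".
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    for host in sorted(hosts & BROAD_HOSTS):
        findings.append(f"host pattern '{host}': can run scripts and send requests on every site")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD_HOSTS:
            findings.append("content script injected into every page: " + ", ".join(script.get("js", [])))
    return findings


# Constructed sample manifests (manifest_version 3).
AD_BLOCKER_MANIFEST = {
    "manifest_version": 3, "name": "Example Ad Blocker", "version": "1.0",
    "permissions": ["storage", "tabs", "webRequest"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
}
MINIMAL_MANIFEST = {
    "manifest_version": 3, "name": "Example Note Taker", "version": "1.0",
    "permissions": ["activeTab", "storage"],
}
```

A genuine ad blocker needs broad host access to do its job, so a non-empty result is a prompt to inspect where the extension sends data, not proof that it does.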
This investigation underscores the risks of routine data harvesting and the need for stronger safeguards for web users.
“This is a serious privacy warning for Chrome users. Even ‘harmless’ extensions can collect and sell your browsing data to major corporations. Always review extension permissions and consider privacy-focused alternatives.”