Security News > 2020 > February > Google pulls 500 malicious Chrome extensions after researcher tip-off
Google has abruptly pulled over 500 Chrome extensions from its Web Store that researchers discovered were stealing browsing data and executing click fraud and malvertising after installing themselves on the computers of millions of users.
Depending on which way you look at it, that's either a good result because they're no longer free to infect users, or an example of how easy it is for malicious extensions to sneak on the Web Store and stay there for years without Google noticing.
Google carried out its own fingerprinting based on the research and the number of dubious extensions ballooned to over 500.
Except, an infected user might point out, not often or effectively enough to stop 500 malicious extensions from finding a home inside the Chrome Web Store.
Anyone using one of the now-suspended 500 extensions will find they've automatically been deactivated in their browser, with warnings that mark them as malicious.
News URL
Related news
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Twin Google flaws allowed researcher to get from YouTube ID to Gmail address in a few easy steps (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Google paid $12 million in bug bounties last year to security researchers (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)