Security researchers have identified 287 Chrome extensions that have been covertly collecting user browsing data and funnelling it to more than 30 data collection companies. The extensions, which collectively account for an estimated 37.4 million installations, operated under the guise of legitimate browser tools while harvesting detailed information about users' online activity.
The research, carried out by the Q Continuum security team and published via Panda Security's media centre, highlights the growing risk posed by browser extensions that request broad permissions and operate with minimal oversight.
How the Data Harvesting Worked
The extensions in question typically presented themselves as ad blockers, download helpers, or productivity tools. Once installed, they would monitor browsing activity including page visits, search queries, and in some cases form data, then transmit this information to external servers operated by data aggregation firms.
Many of the extensions requested permissions that appeared reasonable for their stated purpose but were in fact being used to enable wide-ranging surveillance of user behaviour.
Scale of the Problem
287 Chrome extensions identified as data harvesters
37.4 million total installations across the affected extensions
Data sent to more than 30 separate collection companies
Extensions spanned categories including ad blocking, media downloading, and browser customisation
What Users Should Do
Review installed Chrome extensions and remove any that are unfamiliar or unnecessary
Check extension permissions — be wary of tools that request access to 'all websites' or 'browsing activity'
Prefer extensions from well-known, audited publishers
Keep Chrome up to date to benefit from Google's ongoing extension policy enforcement
Google has been notified of the affected extensions and is expected to take enforcement action. Users who suspect their data may have been compromised should review their browser extension list and consider resetting browser permissions.
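The permission review recommended above can be scripted against the manifests Chrome stores on disk. The following is an added example, not code from the researchers or from Panda Security. It assumes the profile's Extensions folder is laid out as `<extension id>/<version>/manifest.json`, and the two permission sets are this example's own choice of what counts as "all websites" and "browsing activity".

```python
import json
import sys
from pathlib import Path

# Assumption of this example: match patterns treated as "all websites" access.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Assumption of this example: API permissions treated as "browsing activity" access.
ACTIVITY_APIS = {"tabs", "history", "webNavigation", "webRequest", "topSites"}


def audit_manifest(manifest: dict) -> dict:
    """Return the broad host patterns and browsing-activity APIs a manifest requests."""
    declared = []
    for key in ("permissions", "host_permissions",
                "optional_permissions", "optional_host_permissions"):
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    # Content scripts gain page access through "matches" without a permission entry.
    for script in manifest.get("content_scripts", []):
        declared += [m for m in script.get("matches", []) if isinstance(m, str)]
    return {
        "name": manifest.get("name", "?"),  # may be a localisation key (__MSG_...__)
        "all_sites": sorted(BROAD_HOSTS & set(declared)),
        "activity_apis": sorted(ACTIVITY_APIS & set(declared)),
    }


def audit_profile(extensions_dir: Path) -> dict:
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder."""
    findings = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: nothing to evaluate
        if not isinstance(manifest, dict):
            continue
        result = audit_manifest(manifest)
        if result["all_sites"] or result["activity_apis"]:
            findings[path.parts[-3]] = result  # keyed by extension ID (folder name)
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    for ext_id, r in audit_profile(Path(sys.argv[1])).items():
        print(ext_id, r["name"], r["all_sites"], r["activity_apis"])
```

Pass the profile's Extensions folder as the only argument, for example `~/.config/google-chrome/Default/Extensions` on Linux. A flagged extension is not necessarily harvesting data; the output is a shortlist for the manual review described above.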

