Over 37 Million Users Targeted by 287 Malicious Chrome Extensions

A recent investigation uncovered 287 Chrome extensions that may be quietly collecting users’ browsing data and transmitting it to external servers. These extensions represent around 37.4 million installs — close to 1% of Chrome’s global user base.

Rather than trusting what extensions claimed to do, researchers focused on real-world behavior.

They built an automated testing environment where Chrome ran inside a controlled container. All web traffic was monitored through an interception proxy while specially crafted web addresses were visited to detect abnormal data flows.

The logic behind the test was straightforward.

If an extension only changes appearance or manages tabs, its outgoing network traffic should remain stable — even when visiting longer URLs.

However, if it captures and forwards browsing details, outgoing data increases in proportion to the size of the URL.

To identify this pattern, the team used a correlation model that compared transmitted data against URL length. A strong match indicated confirmed leakage, while moderate signals were flagged for deeper review.
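The length-versus-traffic test described above can be sketched as follows. This is an added example, not the researchers' code: the thresholds, host names and byte counts are constructed assumptions, since the article gives no numeric cut-offs.

```python
from statistics import mean

# Assumed cut-offs (not from the report): strong match = leak, moderate = review.
CONFIRMED_R = 0.9
REVIEW_R = 0.5
MIN_SLOPE = 0.1  # outbound bytes added per extra URL byte

# Constructed sample: (probe URL length, outbound bytes per destination host)
# as an interception proxy might total them for one extension.
SAMPLE = [
    (64,   {"collector.example": 364,  "mixed.example": 500,  "noisy.example": 900,  "update.example": 512}),
    (256,  {"collector.example": 556,  "mixed.example": 2000, "noisy.example": 400,  "update.example": 512}),
    (1024, {"collector.example": 1324, "mixed.example": 900,  "noisy.example": 1100, "update.example": 512}),
    (4096, {"collector.example": 4396, "mixed.example": 3000, "noisy.example": 600,  "update.example": 512}),
]

def fit(xs, ys):
    """Return (slope, Pearson r) of ys against xs; (0.0, 0.0) if either is constant."""
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    if sxx == 0 or syy == 0:
        return 0.0, 0.0
    return sxy / sxx, sxy / (sxx * syy) ** 0.5

def classify(trials):
    """Label each destination host 'leak', 'review' or 'clean'."""
    lengths = [n for n, _ in trials]
    hosts = sorted({h for _, sent in trials for h in sent})
    verdicts = {}
    for host in hosts:
        # A host that was not contacted during a visit sent 0 bytes.
        sent = [per_host.get(host, 0) for _, per_host in trials]
        slope, r = fit(lengths, sent)
        grows = slope >= MIN_SLOPE  # traffic must actually grow with the URL
        if grows and r >= CONFIRMED_R:
            verdicts[host] = "leak"
        elif grows and r >= REVIEW_R:
            verdicts[host] = "review"
        else:
            verdicts[host] = "clean"
    return verdicts

if __name__ == "__main__":
    for host, verdict in classify(SAMPLE).items():
        print(f"{host:20} {verdict}")
```

Scoring per destination host rather than per extension keeps a constant-size update check from masking a second endpoint whose payload grows with the URL.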

The effort required significant computing resources — nearly 930 CPU-days — with each extension taking roughly 10 minutes to analyze.

Some of the data destinations were linked to analytics platforms and lesser-known brokers. The report references entities such as Similarweb, Big Star Labs, Curly Doggo, and Offidocs, among others.

Why This Matters Beyond Privacy

This isn’t just about tracking behavior for ads.

Exposed URLs can contain sensitive details — password reset tokens, internal dashboards, document names, API endpoints, and other information that attackers could weaponize.

To examine how the harvested data might be used later, researchers deployed decoy “honey” links. Certain infrastructure repeatedly attempted to access these links afterward, suggesting that browsing data may be stored, analyzed, or even resold.

What You Should Do

  • Remove extensions you don’t actively use.
  • Avoid unknown publishers.
  • Review permissions carefully — especially those requesting full access to website data.
  • In corporate environments, restrict installations through policy controls and maintain a strict allowlist.

Browser extensions enhance productivity — but they can also silently expand your risk surface.

2026-02-13T00:51:28+05:30 | February 13th, 2026 | Application Security, Cybersecurity, Internet Security, Security Update, Security Advisory, Tips

About the Author:

FirstHackersNews- Identifies Security
