A cyber-terrorist hacks into a system (file image)(Image: Getty Images/iStockphoto)

Google Chrome warning as internet users at severe risk of harrowing fraud

Google Chrome is said to have been targeted by criminals injected malicious codes into browser extensions, which allows the crooks to steal user data and commit scams

by · The Mirror

Millions of Google Chrome users have been warned about 16 browser extensions which have been compromised by hackers.

The approximate 3.2 million users should delete the browers now as cybersecurity experts have found hackers are scamming people with them. The criminals inject malicious codes into the extensions to steal user data and commit 'search engine fraud' - the scam of driving clicks to hacker-controlled websites for ad revenue.

It means strangers could have access to your data. The Mirror has this morning contacted Google about the serious breach. It is understood, though, the list includes Blipshot, Emojis, Color Changer for YouTube, Video Effects for YouTube and Audio Enhancer, Themes for Chrome and YouTube Picture in Picture and Mike Adblock für Chrome, Super Dark Mode and Emoji Keyboard Emojis for Chrome.

Adblocker for Chrome, Adblock for You, Adblock for Chrome, Nimble Capture, KProxy and Page Refresh, Wistia Video Downloader are also deemed compromised.

Changes to Chrome mean Google can now track you across all your devicesOnline advertisers now allowed to track user data across all internet-enabled devices, including gaming consoles and smart TVs.Ian Craig, 19 Feb 2025
The warning concerns some Google Chrome extensions( Image: Getty Images)

Users who have downloaded any of these extensions will need to remove them manually. Chrome has, though, deleted the extensions from its Web Store, it is understood this morning.

The team from GitLab Threat Intelligence, which uncovered the scheme, said the best way to avoid a hijacked browser extension is to vet the programs you're installing on your computer and read any reviews which warn about potential dangers.

This includes checking what "permissions" an extension is asking for, meaning which files or devices is the program looking to access with the user's blessing.

Chrome itself doesn't support extensions on Android phones, limiting the scope of the threat to those installing these programs on their computers.

Unlike typical apps and extensions built by hackers from scratch, these Chrome extensions were actually taken over by cyber criminals using phishing attacks on developers. In some instances, the creators of the extensions were tricked into transferring control of their inventions willingly.

Once the hackers had control, they were able to inject malicious updates into the extensions, meaning anyone who installed them had already opened the door to a future cyber attack. The Mirror has this morning contacted Google for comment.