Urgent Google Chrome warning issued with over 3,000,000 users at risk of hacks

A Google Chrome screen on a laptop and a Google screen on a mobile phone. — Google Chrome users should delete 16 extensions that have been hijacked by a ‘threat actor’ (Pictures: Getty)

Millions of Chrome users have been warned to delete 16 browser extensions which have been weaponised for fraud.

Cyber threats appear to be lurking everywhere and now hackers have their eyes set on unassuming Google Chrome users.

Tech experts at GitLab Threat Intelligence spotted 16 ‘malicious’ Chrome browser extensions which have potential to infect millions of computers.

The affected extensions include those used to capture a screen shot, ad blocking and emoji keyboards, with at least 3,200,000 users at risk, they warned.

A person typing on a laptop in a dark room. — Be careful if an extension asks permission to read and change all data on websites when installing it (Picture: Getty Images)

How does the malicious extension work?

A ‘threat actor’ is using Chrome extensions to inject code into legitimate browsers to ‘facilitate advertising and search engine optimisation fraud,’ GitLab said.

The extensions were infected with malicious updates when users permitted them – unknowingly.

The experts said: ‘The threat actor uses a complex multistage attack to degrade the security of users’ browsers and then inject content, traversing browser security boundaries and hiding malicious code outside of extensions.’

Below is a full list of what extensions are affected.

What Chrome extensions are affected?

Emojis -Emoji Keyboard
WAToolkit
Color Changer for YouTube
Video Effects for YouTube and Audio Enhancer
Themes for Chrome and YouTube Picture in Picture
Mike Adblock für Chrome – Chrome-Werbeblocker
Page Refresh
Wistia Video Downloader
Super dark mode
Emoji keyboard emojis for chrome
Adblocker for Chrome – NoAds
Adblock for You
Adblock for Chrome
Nimble capture
KProxy

(Source: GitLab)

Hackers were able to gain access by ‘hijacking popular extensions’ on web stores, making them seem legitimate.

Users should delete these extensions from their computer, and running an antivirus software scan can also help.

GitLab said users should be careful when an extension asks permission to ‘read and change all data on all websites’ as installing something malicious with these permissions given ‘completely compromises your browser.’

Cyber fraudsters are taking advantage of every possible security loophole (Picture: Anadolu Agency)

Positive reviews and a high install count on an extension in a web store do not mean it is safe as ‘threat actors can purchase or hijack popular extensions to capitalise on the trust that comes from popularity.’

The hackers have been weaponising extensions in this way since at least July 2024.

The Chrome extension warning comes after Gmail users were told to be vigilant after a new scam saw hackers using AI calls to try to get access to Google email accounts.

Then, Outlook and Gmail accounts came under attack after a new, sophisticated phishing tool that can even bypass the extra layer of two-factor authentication.

Get in touch with our news team by emailing us at webnews@metro.co.uk.

For more stories like this, check our news page.

MORE: Ex-Google boss warns ‘extreme risk’ AI could be weaponised by terrorists

MORE: Google Calendar removes cultural holidays including Pride and Black History Month

READ SOURCE