32 Google Chrome extensions discovered to be posing big security risks
July 15, 2026
  • Read Ecopy
  • Circulation
  • Advertise
  • Careers
  • About Us
  • Contact Us
Android AppiPhone AppArattai
Organiser
  • ‌
  • Bharat
    • Assam
    • Bihar
    • Chhattisgarh
    • Jharkhand
    • Maharashtra
    • View All States
  • World
    • Asia
    • Europe
    • North America
    • South America
    • Africa
    • Australia
  • Editorial
  • International
  • Opinion
  • RSS @ 100
  • More
    • Op Sindoor
    • Analysis
    • Sports
    • Defence
    • Politics
    • Business
    • Economy
    • Culture
    • Special Report
    • Sci & Tech
    • Entertainment
    • G20
    • Azadi Ka Amrit Mahotsav
    • Vocal4Local
    • Web Stories
    • Education
    • Employment
    • Books
    • Interviews
    • Travel
    • Law
    • Health
    • Obituary
  • Subscribe
    • Subscribe Print Edition
    • Subscribe Ecopy
    • Read Ecopy
  • ‌
  • Bharat
    • Assam
    • Bihar
    • Chhattisgarh
    • Jharkhand
    • Maharashtra
    • View All States
  • World
    • Asia
    • Europe
    • North America
    • South America
    • Africa
    • Australia
  • Editorial
  • International
  • Opinion
  • RSS @ 100
  • More
    • Op Sindoor
    • Analysis
    • Sports
    • Defence
    • Politics
    • Business
    • Economy
    • Culture
    • Special Report
    • Sci & Tech
    • Entertainment
    • G20
    • Azadi Ka Amrit Mahotsav
    • Vocal4Local
    • Web Stories
    • Education
    • Employment
    • Books
    • Interviews
    • Travel
    • Law
    • Health
    • Obituary
  • Subscribe
    • Subscribe Print Edition
    • Subscribe Ecopy
    • Read Ecopy
Organiser
  • Home
  • Bharat
  • World
  • Operation Sindoor
  • Editorial
  • Analysis
  • Opinion
  • Culture
  • Defence
  • International Edition
  • RSS @ 100
  • Magazine
  • Read Ecopy
Home World

32 Google Chrome extensions discovered to be posing big security risks

The investigation by the cybersecurity firm Avast began when the researcher Wladimir Palant reported a malicious code in the PDF Toolbox extension on May 16.

WEBDESKWEBDESK
Jun 7, 2023, 10:00 pm IST
in News, World, Sci & Tech, International Edition
Follow on Google News
FacebookTwitterWhatsAppTelegramEmail

On June 2, the cybersecurity firm Avast found 32 malicious extensions on the Chrome Web Store, which has combined 75 million downloads. It is estimated that around millions are affected worldwide. These extensions infect users with ads on web pages and manipulate search results.

The investigation by the cybersecurity firm began when the researcher Wladimir Palant reported a malicious code in the PDF Toolbox extension on May 16. This extension has around 2 million users with an average rating of 4.2 in the Chrome Web Store. Most of these extensions have various functionalities ranging from adblockers, downloaders, and browser themes to recorders and tab managers.

Though, Plant identified 34 malicious extensions, most of which are listed as ‘featured’ such as Autoskip for Youtube (9 million), Soundboost (6.9 million), Crystal Ad block (6.8 million), Brisk VPN (5.6 million), Clipboard Helper (3.5 million), and Maxi Refresher (3.5 million) etc. But he says the list still needs to be completed and needs a thorough search.

The researcher found the code remains hidden as an API wrapper. He explained that the code allows “serasearchtop[.]com” domain to inject arbitrary JavaScript code into any website visited by the user. He found that websites are injected with “arbitrary JavaScript code” for monetisation purposes which is against the Chrome Web Store policies. He also saw after installing the extension; the code takes 24 hours to activate.

Avast warns, “The trickiest part about malicious browser extensions is the nature of the tools – the extensions themselves are designed to provide legitimate functionality, which makes them appear harmless at first glance. However, hidden within their code lies obfuscated code of malicious origin. The final payload appears to be an adware that spams people with unwanted ads and a search result hijacker that alters search experiences by displaying sponsored links, paid search results, and potentially malicious links”.

The cybersecurity firm cautions people about the malicious extension, “This example is a reminder that individuals must use caution when installing extensions – even those available on official platforms like the Chrome Web Store. A rule of thumb: Always check the developer’s reputation and read reviews before installing an extension. Also, be wary of extensions that request excessive permissions or seem to have unrelated functionalities”.

Google has taken cognisance of the threat and removed many malicious extensions. But according to Plant, out of 34 reported extensions, only eight extensions are left to be removed by Google. These extensions are Soundboost, Amazing Dark Mode, Awesome Auto Refresh, Volume Frenzy, Leap Video Downloader, Qspeed Video Speed Controller, HyperVolume, Light picture-in-picture.

The infamous CryptBot malware, which Google says has stolen data from tens of thousands of Chrome browser users over the course of the past year, has also been blocked by the search engine giant.

CryptBot is a particular kind of malware known as a “infostealer” since it is designed to locate and steal sensitive information from victims’ computers, including login details of social media accounts, cryptocurrency wallets etc.

Cybersecurity concerns continue to pose a serious threat, particularly in nations like India, where many Internet users are not aware of these security problems. Many cybercriminals are figuring out how to con people through messaging services like WhatsApp. Scammers typically attempt to trick users into sharing private OTPs (one-time passwords) or logging onto shady websites.

Also Read: MOVEit transfer tool leveraged by hackers to steal user data: US security researchers

Cybercriminals are also notorious for using loopholes in software and devices to harm users or infect user devices using malware to steal their data. On June 1, US security experts reported that hackers were stealing the data of several users from the systems of the well-known file transfer tool MOVEit Transfer. A day before, the developer of this software reported about a security flaw in it.

Even a new Trojan malware called ‘SpinOk’ was discovered by the researchers at Dr Web in collaboration with BleepingComputer. It reportedly affected as many as 101 applications on Google Play Store.

Topics: SoundboostCybersecurityWladimir PalantGooglePDF ToolboxAmazing Dark ModeAwesome Auto RefreshVolume FrenzySpinOKLeap Video DownloaderMOVEitQspeed Video Speed ControllerAvastHyperVolumeGoogle ChromeLight picture-in-picture.Chrome extensionsCryptBot
Share1TweetSendShareSend
✮ Subscribe Organiser YouTube Channel. ✮
✮ Join Organiser's WhatsApp channel for Nationalist views beyond the news. ✮
Previous News

Indian Navy to commemorate 130th anniversary of Mahatma Gandhi’s ‘Satyagraha’ in Durban

Next News

Union Cabinet approves HUDA City Centre-Cyber City metro project in Gurgaon

Related News

Why India must hold Meta and Google accountable

Meta and Google: Hiding Behind Technology or Evading Accountability?

Indian sanitaryware brand took Google to court & won. Rivals can no longer bid on its trademark

Delhi High Court rules Google Ads’ use of ‘HINDWARE’ keyword as trademark infringement, orders Rs 30 lakh damages

Election Commission’s ECINET platform blocked 68 lakh cyber attacks on May 4 counting day

Representative image

India’s SIM-Binding Mandate: How the DoT is forcing messaging apps to link services strictly to active SIM cards

Burgess, the head of ASIO, warns that Beijing-backed hackers are preparing for large-scale attacks on critical networks

Australia warns of intensifying Chinese cyber threat to critical infrastructure

Opposition leader R. Ashok accused the Congress government of "rowdyism" for threatening citizens on Caste Survey

Karnataka: Congress government accused of intimidating citizens, violating court orders in caste census row

Load More

Latest News

FIR filed against NSUI leader for rape

Bhopal Shocker: NSUI leaders booked for rape of ST girl during ‘Chhatra Goonj Ki Awaaz’ campaign; FIR registered

AI Generated Image

Ladakh Gets Major Governance Boost: All 7 districts to have autonomous hill councils

Karnataka: Mangaluru police bust illegal immigration network; 11 Bangladesh nationals & three agents arrested

Ahead of Rath Yatra, Gujarat ATS Busts Suspected JeM Network, 12 Detained

Gujarat ATS Crackdown: 12 suspected Jaish-e-Mohammed operatives held ahead of Jagannath Rath Yatra

Umar Faizy Mukkam

Samastha Kerala Jamiyyathul Ulama opposes PM SHRI in Keralam, demands Arabic and foreign languages university

“Reuters-You can do better”: US Envoy Sergio Gor slams British news agency over fake narrative on India-US trade deal

Tamil Nadu: Karur stampede appointments by CM Joseph open Pandora’s box as other victims’ kin seek similar benefits

A Protest Held by Hindu Munnani a protest held at Thiruvattar in Kanyakumari district

Tamil Nadu: Hindu Munnani protests in Kanyakumari, seeks removal of illegal Christian prayer hall despite court orders

The Rajasthan Legislative Assembly marks 75 glorious years of upholding democratic values and legislative excellence

Rajasthan Legislative Assembly at 75: Honouring a legacy of landmark laws, democratic values and visionary leadership

External Affairs Minister Dr. S. Jaishankar launched India's campaign for the UNSC chair

India unveils campaign for UNSC seat; EAM Jaishankar outlines SHANTI vision for secure, peaceful & just world order

Load More
  • Privacy
  • Terms
  • Cookie Policy
  • Refund and Cancellation
  • Delivery and Shipping

© Bharat Prakashan (Delhi) Limited.
Tech-enabled by Ananthapuri Technologies

  • Home
  • Search Organiser
  • Bharat
    • Assam
    • Bihar
    • Chhattisgarh
    • Jharkhand
    • Maharashtra
    • View All States
  • World
    • Asia
    • Africa
    • North America
    • South America
    • Europe
    • Australia
  • Editorial
  • Operation Sindoor
  • Opinion
  • Analysis
  • Defence
  • Culture
  • Sports
  • Business
  • RSS @ 100
  • Entertainment
  • More ..
    • Sci & Tech
    • Vocal4Local
    • Special Report
    • Education
    • Employment
    • Books
    • Interviews
    • Travel
    • Health
    • Politics
    • Law
    • Economy
    • Obituary
  • Subscribe Magazine
  • Read Ecopy
  • Advertise
  • Circulation
  • Careers
  • About Us
  • Contact Us
  • Policies & Terms
    • Privacy Policy
    • Cookie Policy
    • Refund and Cancellation
    • Terms of Use

© Bharat Prakashan (Delhi) Limited.
Tech-enabled by Ananthapuri Technologies