Undetectable Humanizer: Lifetime Subscription
Transform AI-Generated Text into Human-Like, High-Ranking Content & Bypass Even the Most Sophisticated AI Detectors
Get 95% Deal

75 million Chrome users have installed these malicious extensions

Martin Brinkmann
Jun 5, 2023
Updated • Jun 5, 2023
Google Chrome
|
32

Google has removed more than two dozen malicious Chrome extensions from the official Chrome Web Store. These extensions were installed on over 75 million times by Chrome user, who need to become active to remove the extensions from their browsers.

Wladimir Palant detected the malicious extensions and published information about them on the Almost Secure blog. Palant reported a total of 34 malicious extensions to Google, but Google did not remove the extensions immediately.

Security behemoth Avast confirmed the findings and Google pulled the extensions that Avast listed from the Chrome Web Store. Palant notes in a follow-up blog post that these were not all of the malicious extensions. A total of 8 were not removed by Google, as they were later added by Palant and therefore not included in Avast's listing.

Several of the extensions had millions of users, with Autoskip for YouTube leading the list with a weekly active user count of over 9 million. Google listed many of the extensions as featured in the Chrome web store, which one again highlights that the company is not putting enough effort into making sure that featured extensions are safe.

Mozilla does a better job at that. All recommended extensions are code examined whenever they are updated, which means that the likelihood of a malicious recommended extension is very slim. A reviewer would have to overlook malicious code in an extension for that to happen.

Most extensions that Palant discovered are productivity based. Some are video downloaders, others let users interact with videos or audio, e.g., changing volumes, add visual changes or claim to block ads.

Manual removal is required

The main issue for Chrome users is that removal of the extensions does not remove the malicious extensions from Chrome installations.

Here is the full list of extensions that are malicious:

Name Weekly Active usersID
Autoskip for Youtube 9,008,298lgjdgmdbfhobkdbcjnpnlmhnplnidkkp
Soundboost6,925,522chmfnmjfghjpdamlofhlonnnnokkpbao
Crystal Ad block 6,869,278lklmhefoneonjalpjcnhaidnodopinib
Brisk VPN 5,595,420 ciifcakemmcbbdpmljdohdmbodagmela
Clipboard Helper 3,499,233 meljmedplehjlnnaempfdoecookjenph
Maxi Refresher 3,483,639 lipmdblppejomolopniipdjlpfjcojob
Quick Translation 2,797,773lmcboojgmmaafdmgacncdpjnpnnhpmei
Easyview Reader view 2,786,137icnekagcncdgpdnpoecofjinkplbnocm
PDF toolbox 2,782,790 bahogceckgcanpcoabcdgmoidngedmfo
Epsilon Ad blocker 2,571,050bkpdalonclochcahhipekbnedhklcdnp
Craft Cursors 2,437,224 magnkhldhhgdlhikeighmhlhonpmlolk
Alfablocker ad blocker 2,430,636 edadmcnnkkkgmofibeehgaffppadbnbi
Zoom Plus 2,370,645 ajneghihjbebmnljfhlpdmjjpifeaokc
Base Image Downloader 2,366,136nadenkhojomjfdcppbhhncbfakfjiabp
Clickish fun cursors 2,353,436 pbdpfhmbdldfoioggnphkiocpidecmbp
Cursor-A custom cursor 2,237,147 hdgdghnfcappcodemanhafioghjhlbpb
Amazing Dark Mode 2,228,049 fbjfihoienmhbjflbobnmimfijpngkpa
Maximum Color Changer for Youtube 2,226,293 kjeffohcijbnlkgoaibmdcfconakaajm
Awesome Auto Refresh 2,222,284 djmpbcihmblfdlkcfncodakgopmpgpgh
Venus Adblock 1,973,783obeokabcpoilgegepbhlcleanmpgkhcp
Adblock Dragon 1,967,202mcmdolplhpeopapnlpbjceoofpgmkahc
Readl Reader mode 1,852,707 dppnhoaonckcimpejpjodcdoenfjleme
Volume Frenzy 1,626,760 idgncaddojiejegdmkofblgplkgmeipk
Image download center 1,493,741deebfeldnfhemlnidojiiidadkgnglpi
Font Customizer 1,471,726gfbgiekofllpkpaoadjhbbfnljbcimoh
Easy Undo Closed Tabs 1,460,691pbebadpeajadcmaoofljnnfgofehnpeo
Screence screen recorder 1,459,488flmihfcdcgigpfcfjpdcniidbfnffdcf
OneCleaner 1,457,548pinnfpbpjancnbidnnhpemakncopaega
Repeat button 1,456,013iicpikopjmmincpjkckdngpkmlcchold
Leap Video Downloader 1,454,917bjlcpoknpgaoaollojjdnbdojdclidkh
Tap Image Downloader 1,451,822okclicinnbnfkgchommiamjnkjcibfid
Qspeed Video Speed Controller 732,250pcjmcnhpobkjnhajhhleejfmpeoahclc
HyperVolume 592,479hinhmojdkodmficpockledafoeodokmc
Light picture-in-picture 172,931gcnceeflimggoamelclcbhcdggcmnglm

Palant notes that the list is likely incomplete. It is based on a sample of about 1600 extensions and not the full number of extensions that are offered on the Chrome Web Store.

Chrome users need to load chrome://extensions/ or select Menu > More Tools > Extensions to open the list of installed browser extensions.

There they need to check the installed extensions against the list in the table above. A click on the remove button uninstalls the extension immediately.

Closing Words

Users interested in technical details may want to check out Palant's two articles on the matter. There is also the Avast article, which provides additional information, including that even more than the reported 32 extensions were taken down so far by Google.

For Chrome users, it is important to get rid of these malicious extensions immediately by uninstalling them from the web browser. While it is not 100% certain what they do, it is clear that they are set up for malicious activity.

Now You: have you installed any of the extensions?

Summary
These malicious Chrome extensions have been installed by 75 million users
Article Name
These malicious Chrome extensions have been installed by 75 million users
Description
Google has removed more than two dozen malicious Chrome extensions from the official Chrome Web Store, but Chrome users need to become active to protect their data.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Anonymous said on June 7, 2023 at 2:34 am
    Reply

    Let me reiterate that the days of browser extensions are over.
    Only Chrome can be trusted because it doesn’t require extensions.
    It’s not Google’s fault, it’s the Mozilla and Brave sympathizers who create the risk.

    1. owl said on June 8, 2023 at 9:28 am
      Reply

      > Let me reiterate that the days of browser extensions are over.
      Only Chrome can be trusted because it doesn’t require extensions.
      It’s not Google’s fault, it’s the Mozilla and Brave sympathizers who create the risk.

      “You cannot see the wood for the trees.”

      It’s not the end of browser extensions, it’s the end of extensions the way Google works.
      Google’s review system (AI) is so sloppy that it doesn’t work at all.
      https://www.ghacks.net/2023/06/07/google-patches-exploited-security-issue-in-chrome-update-asap/#comment-4567733

      There are many talented developers to the public.
      It is a meaningful measure to provide such people with a place to play an active role.
      With the shift to “AI”, not only will employment shrink, but the place of activity will also be lost.

      Many of Firefox’s add-ons are developed and supported by “open source projects”, so it is an advantage that it is easy to reflect program scrutiny and user feedback.

      Some people say that extension implementations “expose fingerprints”, but the same issue is caused by browser specific features with or without extensions.
      In other words, even if the User-Agent is disguised, the uniqueness is exposed by turning on/off Brave’s functions. Vivaldi, in particular, has a small number of users and uses a special locale, so it can even determine where you live. Brave’s user count is three decimal places, making it extremely unique.

      As a reference:
      https://www.ghacks.net/2023/04/03/the-mullvad-browser-a-privacy-focused-browser-designed-to-reduce-your-fingerprint/#comment-4563254

      1. Iron Heart said on June 10, 2023 at 9:24 pm
        Reply

        @owl

        Brave has 60 million users.

      2. owl said on June 11, 2023 at 12:12 am
        Reply

        @Iron Heart
        > Brave has 60 million users.

        Thanks for pointing out.
        My knowledge was outdated.
        As you know, I’m a digital detox lifestyle, so I don’t know what’s going on lately (about half a year). I will be careful with basic data (numbers). Thank you for your continued support.

    2. Anonymous said on June 8, 2023 at 9:27 am
      Reply

      >

      “You cannot see the wood for the trees.”

      It’s not the end of browser extensions, it’s the end of extensions the way Google works.
      Google’s review system (AI) is so sloppy that it doesn’t work at all.
      https://www.ghacks.net/2023/06/07/google-patches-exploited-security-issue-in-chrome-update-asap/#comment-4567733

      There are many talented developers to the public.
      It is a meaningful measure to provide such people with a place to play an active role.
      With the shift to “AI”, not only will employment shrink, but the place of activity will also be lost.

      Many of Firefox’s add-ons are developed and supported by “open source projects”, so it is an advantage that it is easy to reflect program scrutiny and user feedback.

      Some people say that extension implementations “expose fingerprints”, but the same issue is caused by browser specific features with or without extensions.
      In other words, even if the User-Agent is disguised, the uniqueness is exposed by turning on/off Brave’s functions. Vivaldi, in particular, has a small number of users and uses a special locale, so it can even determine where you live. Brave’s user count is three decimal places, making it extremely unique.

      As a reference:
      https://www.ghacks.net/2023/04/03/the-mullvad-browser-a-privacy-focused-browser-designed-to-reduce-your-fingerprint/#comment-4563254

  2. VioletMoon said on June 6, 2023 at 4:34 pm
    Reply

    Great warning; to see how many users are affected by each extension.

    Certainly, it makes little scientific/statistical sense to add all the users of all the “as of now” malicious extensions and compile a 75 million users affected number.

    It would be like adding all the salaries of all the bartenders in Austria and saying, “Bartenders in Austria make 75 million dollars per month.”

    Unless one can verify that each user has all the named extensions installed, which is unsupported in the article, only 9,000,000 [or fewer] users may be at risk if any one extension is installed.

  3. Anonymous said on June 6, 2023 at 8:59 am
    Reply

    Chrome is the only one that strictly enforces MV3. That’s why Chrome is the best.

  4. Anonymous said on June 6, 2023 at 8:15 am
    Reply

    What is clear is that Google is trustworthy and anti-Google Mozilla is the worst.
    Don’t be fooled.

  5. Anonymous said on June 6, 2023 at 3:57 am
    Reply

    Chrome is the best and has proven to have the strongest security. Nothing to worry about.

    1. Iron Heart said on June 6, 2023 at 8:26 am
      Reply

      Browser security is not extension security.

      1. Anonymous said on June 6, 2023 at 10:23 am
        Reply

        I use Chrome, so I don’t need any extensions. Browsers that require extensions only create risks. Trust Chrome.

      2. Kirk said on June 7, 2023 at 5:39 am
        Reply

        I am not sure if your comment regarding Chrome is satire or not. How do you browse the web without err, even an ad blocker?

      3. Iron Heart said on June 7, 2023 at 4:43 pm
        Reply

        @Kirk

        I assume the widely used open source extension uBlock Origin has a long enough track record for you to trust it?

      4. owl said on June 10, 2023 at 7:13 am
        Reply

        > open source extension uBlock Origin has a long enough track record for you to trust it?

        Can you trust uBlock Origin?
        https://github.com/gorhill/uBlock/wiki/Can-you-trust-uBlock-Origin%3F
        uBlock Origin works best on Firefox
        https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-best-on-Firefox

      5. Iron Heart said on June 10, 2023 at 9:25 pm
        Reply

        @owl

        uBlock Origin works very well on Chromium too and is maintained by the same guy, so not sure what the Firefox advertisement is doing here.

        Not that I care, I use Brave.

      6. owl said on June 11, 2023 at 12:15 am
        Reply

        @Iron Heart
        > Not that I care, I use Brave.

        People have different sense of values, so they are free to choose whatever they want.
        As you know, my regular device is “iPad” and Safari with countermeasures.
        When using a Windows machine, I also use Brave, but in that case only “Brave Shield” (anti-fingerprinting).
        From a few days ago, I started using Pale Moon 32.2.0 (64-bit). In the case of Pale Moon, it is uBlock Origin (uBlock0_1.16.4.30.firefox-legacy.xpi), but the Maintainer Ukrainian Last Missing Jun 12, 2021 (probably due to the war with Russia), and that filters has not been updated since.
        https://github.com/gorhill/uBlock-for-firefox-legacy/releases
        So I added eMatrix (Fork of uMatrix,) 5.0.3.
        https://gitlab.com/vannilla/ematrix
        That’s how it is for me.

  6. Anonymous said on June 6, 2023 at 3:48 am
    Reply

    MV3 was invented to stop this kind of thing, and Mozilla, which denies MV3, is the biggest risk of all!

    1. deleatur said on June 6, 2023 at 7:09 am
      Reply

      Yeah, sure. Nice try.

      1. Anonymous said on June 6, 2023 at 9:42 am
        Reply

        Even the Brave is just copying Firefox.
        Only Google can enable the one and only best browser and service.
        With Google everything works.

      2. owl said on June 8, 2023 at 9:55 am
        Reply

        > Only Google can enable the one and only best browser and service.
        With Google everything works.

        With Google, everything about advertising marketing works.
        On the other hand, users will criticize the inexhaustible vulnerability of the system and ridicule it as the “vulnerable king”, comparing it to Emmentaler cheese, which is famous for its holes.
        https://www.ghacks.net/2023/06/07/google-patches-exploited-security-issue-in-chrome-update-asap/#comment-4567685

      3. just an Ed said on June 6, 2023 at 2:43 pm
        Reply

        How much do you earn for promoting spybrowser?

  7. Naj4 said on June 6, 2023 at 1:46 am
    Reply

    Nothing unexpected coming from a software that users catch while browsing instead of being installed.

  8. Tom Hawack said on June 6, 2023 at 1:22 am
    Reply

    Google has financial means that Mozilla has not.
    Google does not prevent malicious extensions whilst Mozilla does.
    Google lingers to remove extensions proved to be malicious or just doesn’t remove some of them.

    And, of course, Google tracks as detailed on Google Watchdog [https://www.googlewatchdog.com/}

    Despite all this Google has the market share we know : tremendous.
    Why? Fame, fashion? A former U.S. President had observed that he could shoot an individual on a widely trafficked New York City street and not “lose one voter.”. In the same way Google could do worse than it already does and not lose one user.

    Hopeless.

    1. John G. said on June 6, 2023 at 3:54 am
      Reply

      @Tom Hawack, hopeless word couldn’t exist anymore really soon. One teacher of mine told some time ago that the world is so fuc** up that it works like a swiss clock. Although it may seem contradictory, the best way to predict “peace” is the fear of starting a new “war”. Fear of changes, fear of losing the few things you have in your home. Pandemic? Oh, God, people only want fun. The same could be applied to Google, it’s so powerful and it has so many services globally that every Android phone could start burning and the next day everyone would be buying the same phone again. Just because people are tired of fighting, tired of configuring, tired of reinstalling, and tired of everything. They are so tired that they don’t care a real sh** about the choice between the fear and the freedom. Laziness is the new hopelessness. For example, one of my best friends is complaining every single day about his W11, however he doesn’t want to install W10 because he doesn’t want to lose all the third party software that he installed to make W11 visually equal to W10. Hopeless? The smallest of all possible worries in this world is hopeless.

      And I could have talked about the censored word forbidden here, but for what? We are fewer and fewer and it is not a matter of saying goodbye all in a bad way. Just my two cents about this.

  9. Anonymous said on June 6, 2023 at 12:38 am
    Reply

    The extensions may be using sites using tracking cookies (amongst other stuff) that Google can exploit for their own gain, so perhaps they don’t want to force an auto removal.

  10. Anonymous said on June 5, 2023 at 11:51 pm
    Reply

    Never heard of any of these. LOL.

    1. Anonymous said on June 6, 2023 at 7:28 am
      Reply

      Its the malware-undetected extensions you have heard of that are the main worry! In other words, don’t be complacent because extensions you use remain unreported.

  11. Tachy said on June 5, 2023 at 10:55 pm
    Reply

    Why doesn’t google just remove them?

    They have the ability to remove extensions from users browsers with out the users permission or involvment and have done so before.

    1. Andy Prough said on June 5, 2023 at 11:24 pm
      Reply

      >”Why doesn’t google just remove them?”

      Probably the same reason Google keeps selling ad space at the top of its search page for malware links.

    2. pHROZEN gHOST said on June 5, 2023 at 11:05 pm
      Reply

      Do you think they care?

      “Buyer beware”

  12. Andy Prough said on June 5, 2023 at 10:03 pm
    Reply

    Even “Clickish Fun Cursers”?

    Et tu, Brute?

    What’s the world coming to when your cursors can’t be clickish and fun(ish) without being malware(ish)?

  13. John G. said on June 5, 2023 at 8:43 pm
    Reply

    Manual uninstall is required. LOL. Just pure LOL.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.