Link Centre - Search Engine and Internet Directory

Helping to share the web since 1996

108 Malicious Chrome Extensions Found Stealing Data from Gmail, YouTube, TikTok, and Telegram Users

A large-scale malware operation has been uncovered involving 108 rogue browser extensions on Google Chrome, targeting users of platforms like Gmail, YouTube, TikTok, and Telegram. All of these extensions are linked back to a single command-and-control infrastructure, suggesting a highly coordinated effort.


🚨 Key findings from the investigation

  • 54 of the extensions were designed to hijack Google account data through OAuth2 authentication abuse.
  • 45 included hidden backdoors that triggered attacker-controlled websites as soon as the browser launched.
  • Some extensions went further by injecting ads, removing important security protections, or adding scripts to every webpage users visited.
  • In one particularly alarming case, Telegram session data was being siphoned off every 15 seconds.
  • At the time of discovery, all 108 extensions were still available, with around 20,000 total installations.

⚠️ Why this is a big deal
This campaign shows how easily browser extensions - tools many people trust - can be turned into powerful attack vectors. Even extensions that start off legitimate can later be sold or compromised and repurposed for malicious use. While Chrome users are the primary target due to the browser’s massive reach, other browsers like Mozilla Firefox aren’t immune.

🛡️ Google’s response
Google says it reviews extensions before they’re published, keeps monitoring them over time, and alerts users via the extensions settings page if any risks are detected.

Still, the fact that these harmful extensions remained active highlights potential blind spots in the current detection and enforcement systems.
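A defender-side check for the behaviours listed in the key findings, added here as an example; it is not code from the article or from the investigators. It reads the `manifest.json` of each installed extension and flags the manifest features those behaviours depend on. The function names, flag labels, the host list and the mapping from behaviour to manifest feature are assumptions of this example.

```python
import json
from pathlib import Path

# Constructed mapping from the reported behaviours to manifest features; it is
# this example's assumption, not the investigators' detection logic.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
NET_APIS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess", "webRequest"}
NAMED_SITES = ("mail.google.com", "youtube.com", "tiktok.com", "web.telegram.org")


def audit_manifest(manifest: dict) -> list[str]:
    """Return review flags for one parsed manifest.json."""
    flags = []
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    script_matches = [set(s.get("matches", [])) for s in manifest.get("content_scripts", [])]
    if any(m & BROAD for m in script_matches):  # code injected into every page visited
        flags.append("content-script-on-all-sites")
    if "identity" in perms or "oauth2" in manifest:  # Google account OAuth2 access
        scopes = manifest.get("oauth2", {}).get("scopes", [])
        flags.append("oauth2:" + ",".join(scopes))
    if perms & NET_APIS and perms & BROAD:  # can alter traffic on any site
        flags.append("network-modification-on-all-sites")
    patterns = perms.union(*script_matches)
    hit = sorted(s for s in NAMED_SITES if any(s in p for p in patterns))
    if hit:  # explicit access to the platforms named in the report
        flags.append("targets:" + ",".join(hit))
    return flags


def audit_profile(extensions_dir: str) -> dict[str, list[str]]:
    """Audit <extensions_dir>/<extension id>/<version>/manifest.json files."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        flags = audit_manifest(manifest)
        if flags:
            report[path.parent.parent.name] = flags
    return report
```

Point `audit_profile` at the `Extensions` folder of a Chrome profile; a flag means the extension deserves a manual look, not that it is malicious, since many legitimate extensions request the same permissions.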
