The researcher warned that such data collection could enable corporate espionage by exposing internal company URLs accessed by employees, and in cases where extensions also obtain cookies, could facilitate credential harvesting by providing attackers with details of active web sessions.
Extensions include VPNs, productivity tools, and shopping add-ons
The research identified numerous widely distributed extensions with risky behavior across categories such as VPN/proxy services, coupon finders, PDF tools, and browser utilities. Many of these have hundreds of thousands or millions of users.
A few of these extensions include Pop up blocker for Chrome, Stylish, BlockSite block Websites, Stay Focused, SimilarWeb – Website traffic and SEO Checker, WOT: Website Security and Safety Checker, Smarty, Video Ad Blocker Plus for YouTube, Knowee AI, and CrxMouse: Mouse Gestures.
