Warning issued for Google Chrome users with over 3,000,000 at risk of hacks


Cyber threats appear to be lurking everywhere and now hackers have their eyes set on unassuming Google Chrome users.

Tech experts at GitLab Threat Intelligence spotted 16 ‘malicious’ Chrome browser extensions which have the potential to infect millions of computers.

The affected extensions include screenshot capture tools, ad blockers and emoji keyboards, with at least 3,200,000 users at risk, they warned.

How does the malicious extension work?

A ‘threat actor’ is using Chrome extensions to inject code into legitimate browsers to ‘facilitate advertising and search engine optimisation fraud,’ GitLab said.

The extensions were infected through malicious updates that users unknowingly permitted.

The experts said: ‘The threat actor uses a complex multistage attack to degrade the security of users’ browsers and then inject content, traversing browser security boundaries and hiding malicious code outside of extensions.’

Below is a full list of what extensions are affected.

Hackers were able to gain access by ‘hijacking popular extensions’ on web stores, making them seem legitimate.

Users should delete these extensions from their computer, and running an antivirus software scan can also help.

GitLab said users should be careful when an extension asks permission to ‘read and change all data on all websites’ as installing something malicious with these permissions given ‘completely compromises your browser.’
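The permission GitLab warns about can be checked directly in the manifests of installed extensions. The following is an added example, not code from GitLab or the original article; it assumes Chrome's on-disk layout of `<profile>/Extensions/<id>/<version>/manifest.json`, and the function names and sample manifests are constructed for illustration.

```python
import json
from pathlib import Path

# Match patterns that cover every website ("read and change all data on all websites").
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_host_patterns(manifest):
    """Return the all-sites match patterns a manifest requests, sorted."""
    requested = []
    # Manifest V2 lists host patterns in "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "host_permissions"):
        requested += manifest.get(key, [])
    # Content scripts injected into every page give the same reach.
    for script in manifest.get("content_scripts", []):
        requested += script.get("matches", [])
    # Permission entries can be objects, so only compare strings.
    return sorted({p for p in requested if isinstance(p, str) and p in ALL_SITES})

def audit_extensions_dir(root):
    """Map extension ID -> broad patterns for <root>/<id>/<version>/manifest.json."""
    findings = {}
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        broad = broad_host_patterns(manifest)
        if broad:
            findings[path.parts[-3]] = broad  # directory name is the extension ID
    return findings

# Constructed sample manifests (not taken from any real extension).
SAMPLE_V3 = {"manifest_version": 3, "name": "sample emoji keyboard",
             "permissions": ["storage"], "host_permissions": ["<all_urls>"]}
SAMPLE_V2 = {"manifest_version": 2, "name": "sample screenshot tool",
             "permissions": ["activeTab", "*://*/*"],
             "content_scripts": [{"matches": ["https://*/*"], "js": ["c.js"]}]}
SAMPLE_NARROW = {"manifest_version": 3, "name": "sample single-site helper",
                 "host_permissions": ["https://example.com/*"]}

if __name__ == "__main__":
    for m in (SAMPLE_V3, SAMPLE_V2, SAMPLE_NARROW):
        print(m["name"], "->", broad_host_patterns(m) or "no all-sites access")
```

An extension flagged here is not necessarily malicious; the result is a shortlist of extensions whose updates would have full reach into every page, which is where review effort should go first.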

Positive reviews and a high install count on an extension in a web store do not mean it is safe as ‘threat actors can purchase or hijack popular extensions to capitalise on the trust that comes from popularity.’

The hackers have been weaponising extensions in this way since at least July 2024.

The Chrome extension warning comes after Gmail users were told to be vigilant after a new scam saw hackers using AI calls to try to get access to Google email accounts.

Then, Outlook and Gmail accounts came under attack from a new, sophisticated phishing tool that can even bypass the extra layer of two-factor authentication.

admin


Content creator at LTD News. Passionate about delivering high-quality news and stories.
