Google Chrome Privacy Tips
kurt the Cyberguy explains how to improve your security and privacy with Google Chrome on your device while browsing the web.
Whether you want to block ads, track the best deals or Enhance your browsing experience. They can be downloaded from the Chrome web store, which features the same features as the Play Store, but is used for extensions. However, extensions are easier to mimic and turn into malware than applications.
As we just reported, more than 3.2 million users were 16 malicious browser extensionshighlighting how attackers can use seemingly legitimate tools to spread malware or steal sensitive data.
Now, security researchers have discovered a polymorphic attack that allows malicious chrome extensions to be converted into other browser extensions, including password managers, encrypted wallets and banking applications to steal sensitive information.
Read on to learn how this attack works and how to protect yourself from attacks.
Chrome browser on smartphones (Kurt “Cyberguy” Knutsson)
How malicious polymorphic attacks work
Security researchers Squarex Laboratory A new attack has been found that malicious chrome extensions masquerade as legitimate attacks such as password managers, encrypted wallets and banking applications to steal sensitive information. This “polymorphism” attack uses Chrome’s extended system to deceive users while staying under the radar.
The attack begins with hackers uploading harmless extensions that look like Chrome webstore. It even has real features such as AI-powered marketing tools to convince users to install and pin it in the browser.
Once installed, the malicious extension will scan the victim’s browser for other extensions. It can do this in two ways. If it has permission to use the “Chrome.Management” API, you can get a list of installed extensions directly. If not, it injects the code into the web page to check for unique files or resources related to certain extensions.
If a targeted extension (such as 1Password) is found, the malicious extension reports it back to the attacker-controlled server. The attacker then tells it to change its name and icon if permission allows, and display a fake login pop-up that looks like a real thing, then mimic the actual extension by disabling it, changing its name and icon.
Fake extension page (square)
The Hidden Cost of Free Applications: Your Personal Information
Social engineering makes things worse
To steal user credentials, malicious extensions trigger a fake “session expiration” prompt when the victim tries to log in to the website. This tricks them into thinking they need to re-enter their password manager or banking app. When they do so, the stolen data will be sent directly to the attacker.
After the credentials are collected, the extension switches back to its original form. It restores legal extensions to make everything look normal so the victim doesn’t doubt anything. This shows the dangers of malicious chrome expansion and why stronger security measures are needed to protect users.
We approached Google, a spokesperson told Cyberguy: “We appreciate the work of the research community and have received reports. We have been investing in improving the security of Chrome webstores and we take appropriate action when we understand emerging threats.”
What is artificial intelligence (AI)?
Google Chrome Extension on laptops (Kurt “Cyberguy” Knutsson)
Beyond hackers who steal their identities
5 ways you can protect your personal data
Here are five ways to protect your sensitive information and maintain your online privacy.
1. Keep your browser and latest extensions: Outdated software is a gold mine for cybercriminals. You can exploit bugs or security gaps in older versions of your browser or extension to inject malicious code, steal data, or control the system. Updates patch these vulnerabilities, making them a critical defense route. Turn on automatic updates of your browser (e.g., Chrome, Firefox, Edge), so you always run the latest version without considering it. See my guide Keep devices and applications updated For more information.
2. Install extensions from trusted sources only: Official browser stores like Chrome Web Store or Firefox add-ons have rules and scans to attract bad actors, but they aren’t perfect. Random websites or third-party downloads extensions are more likely to hide malware or spyware. Stick to the official store of your browser; do not download the extension from the rough link.
Click here to visit Fox Business
3. With powerful antivirus software: The best way to protect yourself from installing malware (malicious links that may access private information) is to install antivirus software on all devices. This protection can also alert you to phishing email and ransomware scams, ensuring your personal information and digital assets are secure. The choice of the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
4. Update password: Change the password for any account that may be affected by the extension and use a unique strong password for each account. Consider using a password manager. This can help you generate and store powerful unique passwords for all your accounts. Get more details about me Best Expert Review Password Manager in 2025.
5. Invest in personal data deletion services: If your personal data is stolen due to expansion, it is crucial to act quickly to reduce the risk of identity theft and scams. While there is no service that promises to remove all data from the Internet, it is great to have a deletion service if you want to keep monitoring and automatically delete information from hundreds of sites. View my preferred data deletion service here.
Large-scale security vulnerabilities put the most popular browsers at risk on Mac
Kurt’s key points
Malicious extensions highlight that Google is not doing enough to keep malware away from the platform. Security researchers point out that Chrome web stores lack protection against such attacks, such as blocking extended icons or HTML changes suddenly, or at least warning users when such changes occur. This problem is not limited to Chrome web stores. The Play Store also hosts malicious applications from time to time, affecting millions of users. Google needs to step up security efforts and put user privacy first and at the center.
Click here to get the Fox News app
Do you trust Google to keep malicious applications and extensions away from its platform? Let’s write to us cyberguy.com/contact.
For more technical tips and security alerts for me, please subscribe to my free online reporting newsletter cyberguy.com/newsletter.
Ask Kurt a question, or let us know what stories you want us to cover.
Follow Kurt on his social channels:
Answers to the most popular web guess questions:
New things from Kurt:
Copyright 2025 CyberGuy.com. all rights reserved.
