GitLab Threat Intelligence has warned over 3.2 million Chrome users to delete 16 malicious browser extensions that compromise security and expose data to attackers.
The extensions, including ad blockers, screen capture tools, and emoji keyboards, were found injecting harmful code into browsers. GitLab says attackers hijacked these extensions through phishing or by acquiring them from developers, using them to bypass security protections and manipulate content.
Once installed, the extensions connect to a remote server, receive hidden commands, and strip security measures from websites. Although Google has removed them from the Chrome Web Store, the warning to users is to manually uninstall them to stay protected.
Compromised extensions include Blipshot, WAToolkit, Super Dark Mode, and Adblock for Chrome. Experts warn that high download counts and positive reviews do not guarantee safety, as attackers often hijack trusted extensions.
Businesses should restrict unverified extensions, review permissions regularly, and use endpoint security to prevent such threats. Monitoring browser activity can also help detect potential risks early.
