Some of the most harmless-looking Chrome extensions are doing far more than they promise, and new research shows just how easily everyday tools can turn into privacy risks.
Security researchers warn that even basic extensions offering new tab pages, parental controls, or cleaner search results have been caught quietly spying on users, hijacking clipboards, and impersonating trusted brands, all while sitting inside Google Chrome‘s official Web Store.
When helpful Chrome extensions turn hostile
According to a detailed analysis from Symantec researchers, several extensions with more than 100,000 user base were found engaging in behavior that goes well beyond their stated purpose.
One example, called Good Tab, presents itself as a customizable new tab extension with weather and news. Behind the scenes, it quietly gives a remote website permission to read and write everything copied to a user’s clipboard, without clearly telling them. That means passwords or cryptocurrency wallet addresses could be hijacked while users are none the wiser.
A troubling case highlighted in the research involves outright impersonation. An extension called DPS Websafe claimed to deliver ad-free search results, but instead hijacked searches and tracked users’ activity.
To build trust, it copied the branding and iconography of Adblock Plus, a well-known and legitimate tool. Once installed, it quietly rerouted searches through its own servers, opening the door to tracking, monetization, and potential manipulation of results.
Another one called Children Protection marketed itself as a parental control tool. However, it was found capable of harvesting browser cookies for session hijacking and executing remote code pushed from external servers. Such behavior is typically associated with malware rather than family safety software.
Meanwhile, another browser extension called Stock Informer presents itself as a simple market and currency tracking tool, but researchers found that it quietly hijacks users’ searches and redirects them through monetization services without clear disclosure.
The extension also contains a serious security flaw that could allow attackers to run code inside the browser, turning a basic stock tracker into a real privacy risk. These findings also echo past cases where popular Chrome add-ons like Honey faced scrutiny over its scammy practices.
Researchers say the most unsettling part is that all of these extensions passed through Google’s vetting process and were available on the Chrome Web Store. While some have since been removed, others remain accessible at the time of writing.
The takeaway is simple but uncomfortable. Just because an extension looks useful or verified does not mean it is safe. Hence, users should think twice before installing extensions and handing over access to their browser and data.