More than a hundred Chrome extensions have been found causing significant issues. See if you're using any of them.
Over 100 Chrome extensions have been connected to a large-scale campaign that gathered identity information, facilitated unauthorized browser actions, and, in one instance, extracted live session data from Telegram Web. Researchers identified 108 extensions associated with the same control network, accumulating approximately 20,000 installs recorded in the Chrome Web Store at the time of the report's release.
What makes this incident particularly concerning is its breadth. The extensions masqueraded as tools for Telegram, slot and Keno games, translation services, YouTube and TikTok aids, as well as basic page tools, which allowed the scheme to seamlessly blend into the types of software that people typically install without much scrutiny. The entire list is published in the researchers' report.
According to researchers, these extensions were still operational when the report was published, and requests for their removal had already been submitted. This adds an urgent dimension for Chrome users who have not reviewed their extensions recently.
The malicious behaviors varied significantly
The impact was not restricted to a single method. The investigation revealed that 54 extensions harvested Google account identity information after users clicked the sign-in button, while one extension focused on Telegram extracted active Telegram Web session data every 15 seconds. Additionally, another 45 extensions contained a feature that could launch random URLs upon starting Chrome, regardless of whether the user had accessed the extension that day.
Other extensions compromised security features on sites like Telegram, YouTube, and TikTok, injecting overlays, advertisements, or scripts into webpages. One translation extension also routed submitted text through the operator's server, transforming a basic tool into a potential surveillance threat.
Why this should alarm everyday Chrome users
The main concern lies in how innocuous the extensions appeared. These weren't merely obscure tools for advanced users. The collection included games, browser helpers, sidebar clients, and translation add-ons—precisely the type of extras users often install because the store page appears sophisticated and the features seem beneficial.
Extensions also tend to blend into the background once installed. In this instance, researchers linked activity from this diverse array of extensions back to a single backend infrastructure, turning a seemingly random assortment of add-ons into a coordinated operation capable of collecting data or modifying the browsing experience in multiple ways.
Review your extensions now
The best course of action is to inspect what is installed in Chrome, particularly any extensions related to Telegram, lightweight games, translation, or sidebar utilities that requested sign-in permissions without a clear justification. The research details 108 extensions by name and ID, strongly recommending the immediate removal of any that match.
The highest-risk situation appears to be the Telegram extension that consistently extracted web session data. Anyone who used it while logged into Telegram Web should log out of all other Telegram sessions via the mobile app, and users who accessed one of the Google-linked extensions should check their account permissions and revoke access to anything unfamiliar.
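The review described above can be scripted. The following is an added example, not code from the researchers' report: it walks every Chrome profile on disk, reports each installed extension ID, and marks those found on a supplied ID list or requesting the `identity` permission. `FLAGGED_IDS` holds a constructed placeholder, and treating `identity` as the sign-in permission to look for is an assumption of this sketch.

```python
import json
import re
from pathlib import Path

# Placeholder: paste the 32-character IDs from the researchers' list here.
# The value below is constructed for illustration, not a real indicator.
FLAGGED_IDS = {"a" * 32}
EXT_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs use letters a-p only


def audit_extensions(user_data_dir, flagged_ids=FLAGGED_IDS):
    """Return one finding per installed extension across all Chrome profiles."""
    findings = []
    # Layout: <user data dir>/<profile>/Extensions/<id>/<version>/manifest.json
    for ext_dir in sorted(Path(user_data_dir).glob("*/Extensions/*")):
        if not (ext_dir.is_dir() and EXT_ID.match(ext_dir.name)):
            continue  # skips helper folders that are not extension IDs
        try:
            # Lexicographically last version folder; good enough for an audit.
            newest = sorted(ext_dir.glob("*/manifest.json"))[-1]
            manifest = json.loads(newest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError, IndexError):
            manifest = {}  # missing or unreadable manifest: still report the ID
        perms = manifest.get("permissions") or []
        findings.append({
            "profile": ext_dir.parent.parent.name,
            "id": ext_dir.name,
            "name": manifest.get("name", "?"),
            "on_list": ext_dir.name in flagged_ids,
            "wants_identity": "identity" in perms,  # assumption: sign-in heuristic
        })
    return findings


def make_sample_profile(root):
    """Build a constructed user-data tree with two fake extensions."""
    samples = {
        "a" * 32: {"name": "Sample sidebar client", "permissions": ["identity", "tabs"]},
        "b" * 32: {"name": "Sample notes", "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / "Default" / "Extensions" / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest))
    return root


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit_extensions(make_sample_profile(tmp)), sep="\n")
```

To audit a real installation, pass Chrome's user data directory (on Linux, `~/.config/google-chrome`) to `audit_extensions`. Localized extensions show a `__MSG_...__` placeholder as their manifest name, so match on the ID rather than the name.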
