News is out detailing a set of 30 malicious Chrome extensions, installed by more than 300,000 users, that are masquerading as AI assistants to steal credentials, email content, and browsing information.
Borja Rodriguez, Manager of Threat Intelligence Operations at Outpost24, has provided the following commentary:
“We have repeatedly seen malicious browser extensions bypass review processes and reach significant user adoption before removal. In this case, some extensions accumulated tens of thousands of installs, and others remain available even after public disclosure. That raises legitimate questions about the effectiveness, speed, and consistency of Google’s vetting and monitoring mechanisms for Chrome Web Store submissions.
Over the past few years, Google has demonstrated that it can strictly enforce policy decisions when they align with its strategic priorities, including restrictions that affected ad and tracker blocking extensions. That level of enforcement shows the company has both the technical capability and operational control to act decisively when it chooses to.
However, malicious extensions continue to surface and operate at scale. This suggests that either the automated review systems are insufficient to detect certain abuse patterns, or post-publication monitoring and rapid takedown processes are not robust enough to limit exposure. Given the scale of Chrome’s user base, even a short window of exposure can translate into hundreds of thousands of victims.
The broader concern is trust. Users reasonably assume that extensions listed in an official store have undergone meaningful security scrutiny. When campaigns like this repeatedly succeed, that trust erodes. Stronger proactive detection, improved behavioral analysis of extensions after publication, and faster response cycles are essential to reduce systemic risk.”
This once again highlights the fact that just because something exists doesn’t mean that you should install it, especially in the age of AI, where your attempt to use what I call “the new hotness” may get you pwned.
This entry was posted on February 13, 2026 at 11:19 am and is filed under Commentary with tags Chrome, Hacked.
Fake AI Chrome extensions with 300K users steal credentials, emails