Google Chrome users urged to check now for these password-stealing add-ons

04 September 2023 , 11:28

1005     0

Browser extensions on Google Chrome can be useful - but they might also be risky

Google Chrome users are being urged to check their web browser for dodgy add-ons—after it was revealed that thousands of browser extensions are putting passwords at risk.

A new report from cybersecurity researchers at the University of Wisconsin-Madison claims that roughly 17,300 Chrome browser extensions are able to extract passwords and other sensitive information from dozens of websites, including sites like Google, Facebook and Amazon.

The extensions in question ask users for permission to 'access your data on all websites' or 'read all your data on all websites'. They can then use this to see the passwords you type in.

READ MORE: Google issues another urgent Chrome alert and ignoring it will put your browser at risk

In the case of Amazon, users' credit card details are even visible on the site's source code, meaning that browser extensions of this kind can easily grab them and hand them over to cyber criminals.

Walking tracker one of 12 apps banned by Google as users urged to delete them

Many Chrome extensions ask for permission to access your data on all websites - but this could put your passwords at risk (Getty)

Many different browser extensions are affected, including popular ad blockers. While some of these extensions may not be malicious in themselves, they could be misused by hackers in order to gain access to users' sensitive data.

How to view and manage your Google Chrome browser extensions

The upside of all this is that it's really easy to see what browser extensions you have installed on Google Chrome, as well as manage what permissions they have.

1. Open Chrome on your desktop PC or handheld device
2. Click the three dots in the top right corner then 'Settings' near the bottom of the menu that appears
3. Click 'Extensions' in the menu on the left of the screen. A page should appear showing all of your current browser extensions
4. To find out what permissions an extension has: Click 'details' and look for the section that says 'Permissions'
5. To delete or remove a Chrome browser extension, simply click 'Remove extension' or toggle the 'On' switch if you want to just disable it temporarily.

Chrome's Settings page has everything you need to take back control of dodgy browser extensions

The researchers tested the exploit by creating a fake browser extension. It was successfully accepted on the Chrome Web Store and was capable of stealing passwords using the same methods that they identified.

A spokesperson for Google released a statement confirming they are looking into the issue. Find out more about Chrome Extension permissions

Ciaran Daly