ShiftDelete.Net Global

Warning: Malicious Chrome Extensions Steal User Data

A recent security report has uncovered a significant threat to browser safety, revealing over 300 malicious Chrome extensions that have been downloaded more than 37 million times. These deceptive add-ons pose a severe risk to users by tracking their online activities and stealing sensitive credentials and personal data. According to a report from SecurityWeek, these extensions are distributed through various sophisticated attack campaigns, marking a sharp increase in browser-based threats affecting millions of Chrome users.

How Malicious Chrome Extensions Deceive Users

One of the most prominent campaigns, dubbed “AiFrame” by security firm LayerX, involves 32 extensions that cleverly impersonate popular AI assistants such as ChatGPT, Claude, Gemini, and Grok. This campaign alone has successfully compromised over 260,000 users by offering seemingly useful features like AI-powered summarization, writing assistance, and Gmail integration. However, instead of performing these functions locally, the extensions operate through a remote server, creating a dangerous backdoor.

Furthermore, researchers found that these tools, while appearing legitimate on the surface, grant remote access to sensitive browser features. A researcher at LayerX explained that the extensions extract web page content, titles, and text, sending this information directly to third-party servers. Alarmingly, 15 of these extensions were specifically designed to target Gmail, enabling them to read the contents of users’ emails.
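One way to triage installed extensions for the access described above (reading page content on every site, or on Gmail specifically) is to audit each extension's manifest.json. The following Python script is an added example, not code from LayerX, SecurityWeek, or any extension named in this article; the finding labels and sample manifests are constructed, and it assumes Chrome's on-disk layout of Extensions/<id>/<version>/manifest.json inside a profile directory.

```python
import json
from pathlib import Path

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
GMAIL_HOST = "mail.google.com"

def covers_gmail(pattern):
    """True if a match pattern names Gmail's host, directly or by wildcard."""
    if pattern in BROAD or "://" not in pattern:
        return False  # all-sites patterns are reported separately
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    if host.startswith("*."):
        return GMAIL_HOST.endswith(host[1:])
    return host == GMAIL_HOST

def audit_manifest(manifest):
    """Return sorted findings (labels are illustrative) for one parsed manifest."""
    perms = manifest.get("permissions", [])
    # Manifest V3 lists hosts in host_permissions; V2 mixed them into permissions.
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if p in BROAD or "://" in p}
    scripted = {m for cs in manifest.get("content_scripts", [])
                for m in cs.get("matches", [])}
    findings = set()
    if scripted & BROAD:
        findings.add("content-script-on-all-sites")
    if "scripting" in perms and hosts & BROAD:
        findings.add("can-inject-on-all-sites")
    if any(covers_gmail(p) for p in scripted):
        findings.add("content-script-on-gmail")
    if any(covers_gmail(p) for p in hosts):
        findings.add("host-access-to-gmail")
    return sorted(findings)

def audit_extensions_dir(ext_dir):
    """Audit every <ext_dir>/<id>/<version>/manifest.json (assumed layout)."""
    return {str(p.parent): audit_manifest(json.loads(p.read_text(encoding="utf-8-sig")))
            for p in Path(ext_dir).glob("*/*/manifest.json")}

# Constructed sample manifests, not taken from any real extension.
SAMPLE_AI_HELPER = {"permissions": ["scripting", "storage"],
                    "host_permissions": ["<all_urls>"],
                    "content_scripts": [{"matches": ["https://mail.google.com/*"]}]}
SAMPLE_THEME = {"permissions": ["storage"],
                "content_scripts": [{"matches": ["https://example.com/*"]}]}

if __name__ == "__main__":
    for label, m in (("ai-helper", SAMPLE_AI_HELPER), ("theme", SAMPLE_THEME)):
        print(label, audit_manifest(m))
```

A finding shows what an extension is able to read, not that it is malicious; many legitimate extensions request the same access, so the output is a review list for comparing requested access against the advertised feature.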

The Rise of Account Takeover Campaigns

In another instance, researchers at Koi Security identified a separate network of extensions targeting Russia’s VKontakte social network, affecting nearly 500,000 individuals. This campaign, known as VK Styles, has been active since June 2025 and demonstrates how seemingly harmless customization tools can be weaponized into powerful account takeover mechanisms.

The five extensions associated with this campaign automatically subscribe users to groups controlled by the attackers. To maintain control, they reset account settings every 30 days and manipulate security tokens to bypass safety measures.

These findings underscore a growing trend in the abuse of browser extensions. In response, Google reportedly removed or disabled extensions that impacted over 8.8 million Chrome users between late 2024 and early 2026. Attackers often evade detection by republishing the same malicious code under different extension names. Worryingly, some AiFrame extensions were even featured in the Chrome Web Store’s “Featured” list before being removed, lending them an undeserved air of credibility.
