Millions of Chrome Users Warned: Time to Remove Bad Extensions

Google recently issued an emergency update and alerted its Chrome users. The update is meant to patch a zero-day vulnerability that attackers are actively exploiting. At the same time, cybersecurity experts have flagged dozens of malicious extensions lurking in the Chrome Web Store and installed on millions of browsers.
What the researchers found is a “sleeper agent” strategy where seemingly benign extensions await activation to steal data or hijack search results. Over 3.2 million Chrome users may be using compromised ad blockers, themes, and keyboard tools, which inject malicious code for credential theft and search-engine fraud.
Academic investigations show roughly 30 Chrome extensions were phished and modified to collect credentials and session cookies from users. Another study found that more than 35 popular extensions, with over four million installs, may carry spyware or infostealer behavior.
Security researchers also uncovered “syncjacking,” a novel malware trick that takes advantage of Chrome’s account sync system. Meanwhile, “Adrozek” remains a silent risk. This malware injects fake ads across browsers and compromised over 30,000 devices daily during its peak.
Experts advise updating Chrome to at least version 137.0.7151.68 to eliminate active exploits. Users should remove unused or suspicious extensions, review permissions regularly, enforce browser policies, and use reliable antivirus tools. Google’s shift to Manifest V3 aims to curb extension-based attacks, though researchers note it is not a foolproof solution.
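The version check and permission review advised above can be scripted. The following is an added example, not code from the article or from Google: the list of permissions worth reviewing and the sample manifests are this example's own assumptions, and only the minimum version comes from the article.

```python
MIN_CHROME = "137.0.7151.68"  # minimum version named in the article

# Assumption: this example's own short list of Chrome permissions to review.
RISKY = {
    "cookies": "can read cookies for sites it has access to",
    "webRequest": "can observe network requests",
    "scripting": "can inject scripts into pages",
    "tabs": "can read URLs and titles of open tabs",
    "history": "can read browsing history",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def _parse(version):
    return tuple(int(part) for part in version.strip().split("."))

def chrome_is_patched(version, minimum=MIN_CHROME):
    """Compare dotted versions numerically; string comparison gets this wrong."""
    return _parse(version) >= _parse(minimum)

def review_manifest(manifest):
    """Return review findings for one extension's parsed manifest.json."""
    findings = []
    hosts = list(manifest.get("host_permissions", []))  # Manifest V3
    for script in manifest.get("content_scripts", []):
        hosts += script.get("matches", [])
    for perm in manifest.get("permissions", []):
        if perm in BROAD_HOSTS:  # Manifest V2 lists host patterns here
            hosts.append(perm)
        elif perm in RISKY:
            findings.append(f"{perm}: {RISKY[perm]}")
    broad = sorted(set(hosts) & BROAD_HOSTS)
    if broad:
        findings.append("runs on every site: " + ", ".join(broad))
    return findings

# Constructed sample manifests, not taken from any real extension.
SAMPLES = {
    "Constructed Theme": {"manifest_version": 3, "permissions": ["storage"]},
    "Constructed Ad Blocker": {
        "manifest_version": 3,
        "permissions": ["storage", "cookies", "webRequest"],
        "host_permissions": ["<all_urls>"],
    },
    "Constructed Keyboard Tool": {
        "manifest_version": 2,
        "permissions": ["tabs", "*://*/*"],
    },
}

if __name__ == "__main__":
    print("Chrome 137.0.7151.9 patched:", chrome_is_patched("137.0.7151.9"))
    for name, manifest in SAMPLES.items():
        print(name, "->", review_manifest(manifest) or "nothing flagged")
```

To use it on a real profile, load each installed extension's manifest.json with json.load and pass the result to review_manifest.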