Avoiding Popup Pain from Malicious Chrome Extensions
June 2, 2025
There are highly malicious browser extensions making the rounds and affecting Google Chrome and its users. Researchers at SquareX found just one click on these extensions lets cybercriminals clean out password managers, banking info, crypto wallets, and other sensitive data. Until Google protects against this latest hack, it’s every user’s responsibility to protect themselves.
According to SquareX, a vulnerability in the way Chrome is built allows this particular hack to thrive.
With the help of AI, browser extensions are more vulnerable to cybercrime than ever before, and this latest hack is a great example of that. It’s crazy sneaky the way AI helps this killer extension get beyond Chrome’s malware scanning and mask itself as legitimate. An unsuspecting Chrome user downloads what they believe is a useful extension. The extension works exactly as expected, that is, until it takes a criminal turn.
Behind the Masked Extensions
An extension that changes form, in this case with a single click, is called “polymorphous.” That’s what’s behind Chrome extensions looking and functioning legitimately before turning malicious. Once a victim chooses an extension, provides their credentials and clicks on the popup, the masked extension gets to work. It steals every bit of PII stored in a victim’s account and can even help a hacker send phishing emails using your contacts. And like much of cybercrime today, victims are none-the-wiser until it’s too late.
Since these masked extensions aren’t limited to Chrome alone and can’t be fixed with a patch, security experts suggest not using browser extensions until this vulnerability is corrected. In fact, it’s best to avoid browser extensions as much as possible. Take some time to review the ones on your browsers. If you aren’t using them, delete them completely.
SUBSCRIBE TO WEEKLY NEWSLETTER
