Follow ZDNET: Add us as a preferred source on Google.
ZDNET’s key takeaways
- Malicious browser extensions are a widespread problem.
- Even vetted extensions can be dangerous.
- Here’s what you should do to avoid issues.
Koi Security<!–> investigated a single malicious extension used as a color picker and found it had infected 2.3 million users on Chrome and Edge. Cybernews reported in 2024–> that more than 350 million people downloaded insecure browsers during a two-year period.
Those two facts alone should have you rethinking your stance on browser extensions.
Back when I was working with an IT-managed support company, every time I ran into a computer that was running slowly or having issues, the first thing I would do was check if the user had installed browser extensions. Every time, the first type of extension I would look for was those that promised to offer users the best deals on various types of products. Those “coupon” extensions almost always caused problems.
Also: 5 browser extension rules to live by to keep your system safe in 2025
Malicious browser extensions are a widespread problem. This issue is so out of control, it’s made me rethink my use of extensions to the point that there’s only a single extension I use: Grammarly (and even then, I’m considering switching from the browser extension to a dedicated grammar checker used outside of the web browser).
The problems with browser extensions
Security Daily Review reported<!–> this year that more than 100 malicious Chrome extensions have been masquerading as tools for AI, VPNs, and crypto. Field Effect–> found 33 malicious Chrome extensions that had been installed by more than 2.6 million users. TechRadar reported in July<!–> that 245 browser extensions installed on nearly a million devices were silently disabling key security features in browsers.
Those numbers continue to grow and most likely will not slow down any time soon.
Any browser extension you install could be leading a double life, and it could be logging keystrokes and sending them to a third party. You could even wind up installing an extension with a hidden ransomware payload.
Also: Malicious extensions can use ChatGPT to steal your personal data – here’s how
Most extensions are installed from a dedicated market for the browser you use. One might think those extensions have been fully vetted and safe, yet Bleeping Computer–> reported on August 7, 2025, that yet another malicious campaign, called GreedyBear, was found in 150 different extensions in the Mozilla add-on store.
You can install a perfectly innocent extension that could later be updated with malicious code. This can sometimes happen if an extension is either abandoned and picked up by a bad actor (especially with open-source extensions) or if a developer first releases the extension without the malicious code to get it added to the add-on store, only to then later inject the malicious code.
Let me ask you this: Is any extension really worth the risk?
Also: 5 great Chrome browser alternatives that put your privacy first
Publishers of malicious extensions have become really good at injecting code into what looks like innocent browser apps. Or, even worse, they’ll add third-party branding to their extension to make it look like something you would normally trust.
Consider this: If you do a lot of online shopping, those malicious browser extensions could log your credit card information and either use or sell it.
How to avoid malicious extensions
There are a few possible solutions here:
- Remove all browser extensions.
- Use only browser extensions from trusted sources.
- Check if a browser extension is safe.
Even if you use an extension from a trusted source, it can be difficult to tell if that extension is a rebranded malicious version or the original. For that reason, you should always go to the source site and follow links from there to the extension. At least that way you know you’re not installing a malicious extension masquerading as a trusted tool.
Also: I found a malicious Chrome extension on my system – here’s how and what I did next
Another option is to only install extensions from your browser’s add-on store that are verified. Verified extensions are generally more trustworthy than those that aren’t.
If there are extensions that you must use, consider taking advantage of this free tool<!–> that lets you know if an extension is safe, before you install it.
Never install an extension from outside your browser’s web store. This is 100% an absolute no-no. If you find an extension you want to use and it’s only available outside the browser add-on store, do not install it. Period.
As much as I hate to say this, it’s becoming increasingly difficult to trust browser extensions, and my best advice is to avoid them completely. Yes, that might mean you lose a bit of convenience, but having to take a couple of extra steps to do something is worth it to keep your information and data safe.
Also: Is that extension safe? This free tool lets you know before you install
Even if you use anti-malware/antivirus software, those products aren’t always 100% reliable (especially at detecting malicious browser extensions). If those “anti” solutions were completely trustworthy, we wouldn’t be having this conversation. I’ve even reached the point where I won’t install extensions on Linux because you just never know. The same thing holds true for MacOS.
In the end, you’re simply safer if you remove those browser extensions, switch to a more secure browser, and browse wisely.
–>
