Security researcher finds 287 Chrome extensions leaking data • The Register

Staff Editor 2026-02-11
Security researcher finds 287 Chrome extensions leaking data • The Register

Security researcher finds 287 Chrome extensions leaking data • The Register

https://www.theregister.com/2026/02/11/security_researcher_287_chrome_extensions_data_leak/

Publish Date: 2026-02-11 16:23:00

Source Domain: www.theregister.com

They know where you’ve been and they’re going to share it. A security researcher has identified 287 Chrome extensions that allegedly exfiltrate browsing history data for an estimated 37.4 million installations.

Browsing history data – a record of websites visited – reveals potentially sensitive information about people’s activities and interests. Though it may be anonymized, academics have shown [PDF] that you can often trace it back to individuals using public social media profiles. 

The sharing of browsing history data thus erodes personal privacy, though at least some of the info harvesting the researcher detected is disclosed in privacy policies. Even so, individuals who have installed these extensions may not realize that the privacy policies they accepted were not promising privacy.

The researcher, who goes by the name “Q Continuum” in a nod to Star Trek: The Next Generation, explained the motivation for the project in an online post, acknowledging that data harvesting of this sort is a longstanding concern for browser extensions.

Indeed, it was only two months ago that we reported on how several ad blocking and VPN extensions in the Chrome Web Store were spotted capturing chatbot conversations. And in March 2025, we discussed research showing that generative AI extensions were found to be capturing and sharing sensitive user data. Also, as we’ve noted, developers of popular Chrome extensions face constant solicitations to sell out to buyers interested in inserting data gathering scripts.

Q observes that Chrome extensions in the past have been called out for exfiltrating user browsing data that gets collected by data brokers like Similarweb and Alexa. The research report [PDF] represents an effort to document that web analytics biz Similarweb and other data harvesting companies are still at it.

“Why…

Source

More Stories

Opal Security Raises Million for AI-Native Identity Governance

Opal Security Raises $23 Million for AI-Native Identity Governance

Staff Editor 2026-06-06
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

Staff Editor 2026-06-06
Franklin Student is a Cyber Security Champ at Bridgewater State

Franklin Student is a Cyber Security Champ at Bridgewater State

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy