ADVERTISEMENT

Who owns your Chrome extension? Researchers warn side projects are being turned into malware

Many Chrome extensions start as small developer projects, and once they gain users, are sold on. But what if the new owner turns out to be a bad actor who gains the ability to update software running inside thousands of browsers?

vulnerability in chrome allowed extensions to hijack new gemini panel

Image by Cybernews

Ann-Marie Corvin
Ann-Marie Corvin Senior Journalist
Mar 11, 2026 2 min read
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.
ShotBirdExtension2
Image by monxresearch-sec/github.com

QuickLens extension: compromised ownership

Chrome, browser extension malware
There's a Chrome extension supply chain problem involving ownership transfer, security researchers warn. Image by Cybernews.
ADVERTISEMENT

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites

Browser extensions and the “supply chain problem”

"This is the extension supply chain problem in a nutshell. A 'Featured,' reviewed, functional extension changes hands, and the new owner pushes a weaponized update to every existing user."
John Tuckner, founder and researcher, Annex Security

ADVERTISEMENT