Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

108 Malicious Chrome Extensions Found Stealing Data and Injecting Ads Into Every Page You Visit — Delete Them Right Now

Socket said 108 extensions on the Chrome Web Store used shared infrastructure to steal Google tokens, hijack Telegram sessions, and run ad fraud.

Summary by Tom's Guide
Security researchers have uncovered a new coordinated campaign which uses malicious extensions to steal user data and hijack browsing sessions.

5 Articles

Tom's GuideTom's Guide
Center

108 malicious Chrome extensions found stealing data and injecting ads into every page you visit — delete them right now

Security researchers have uncovered a new coordinated campaign which uses malicious extensions to steal user data and hijack browsing sessions.

Read Full Article
BleepingComputerBleepingComputer
Center

Over 100 Chrome extensions in Web Store target users accounts and data

More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud.

Read Full Article
diarioestrategia.cldiarioestrategia.cl

Identified 108 Malicious Extensions in Chrome that Steal Data From Google and Telegram

The Socket security platform has identified a total of 108 malicious extensions in the Chrome browser that steal data from Google and Telegram victims and allow 'prompt injection' type attacks.

Read Full Article
NumeramaNumerama

108 Extensions, One Hacker at the Controls? How a Huge Network of Traps on Chrome Has Contaminated Thousands of Victims

In a blog post published on April 13, 2026, Socket's research teams reveal that, for several months, 108 Chrome extensions apparently anodized have secretly worked for the same operator, exfiling sessions, Google identifiers and navigation data to a centralized infrastructure

Read Full Article
The Hacker NewsThe Hacker News

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions are published

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

The Hacker News broke the news in on Tuesday, April 14, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Google icon

Google

Telegram icon

Telegram

Infrastructure icon

Infrastructure

Google Chrome icon

Google Chrome

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal