List of malicious Chrome extensions

Shortcuts aren’t just for keyboards. Digital browsers use various online shortcuts regularly, such as web extensions – which can help them surf the web quickly.

Unfortunately, not all shortcuts are safe and secure. Our list of rogue Chrome extensions reveals the dangers lurking behind unlisted, poorly scanned, and freely available third-party downloads on the web.

premium protection services from Panda Security can help you keep your browsers and devices safe, even from malicious extensions. Combining these protections with knowledge about dangerous plug-ins, how to spot them, and how to remove them can help online users navigate the web without compromising privacy and security.

What is a browser extension?

A browser extension is software that does exactly what the name suggests: it extends your browser, or browser-specific tools, to other web pages. These extensions can analyze information, modify or edit user actions, and provide additional functionality on various browsing sites.

Some of the most common browser extensions are Grammarly, AdBlock, LastPass, Google Calendar, and Scribe. While most browser extensions are harmless and can be incredibly useful, users can still unknowingly download malicious software that can access personal information or cause damage to devices.

Popular malicious Chrome extensions

Google’s Chrome is the most popular web browser in the world, supporting more than 130,000 unique browser extensions. Most of these unique extensions are safe and compatible with Chrome itself, but some popular extensions have been identified as malicious.

These malicious Chrome extensions may contain malware, insert affiliate links on web pages and internally damage systems. This list includes some of the most notorious extensions that Chrome users should be aware of.

netflix party

Designed to allow synchronized viewing of media, the Netflix Party extension was actually used for affiliate links. This plugin would track a user’s information fingerprint and inject affiliate links on the appropriate pages. Owners of this extension can earn profit based on the user’s browsing history.

netflix party 2

Netflix Party 2 was similar to its predecessor Netflix Party, which also attempted to inject affiliate links into a user’s browsing. Plugins of this variety, including Netflix Party 1 and 2, can even hide their malicious intent by waiting several days before injecting links.

Full Page Screenshot — Screenshot

More than 200,000 users downloaded the Chrome extension Full Page Screenshot – Screenshot before its malicious behavior was discovered. Designed to take screenshots of web pages with a single click, this extension also tracked user data and changed the location of certain cookies on e-commerce sites to disguise a user’s source URL as a referring site.

frigate light

Chrome extensions have various uses and friGate Light was designed to access blocked sites and encrypt user traffic data. However, this extension also harbored malware, which was used to access user data. Also, users who downloaded this extension were asked to give friGate Light permission to access sensitive data.

cdn frigate

Like friGate Light, friGate CDN was designed to provide users with access to blocked websites. This extension also harbored malware, which could access sensitive user data. This extension also redirected users to secondary sites through its proxy, which could have been used to collect data and infect more devices.


Have you ever wanted to download media from your favorite sites (YouTube, TikTok, Facebook and more) with just one click? If so, you’re not alone, and that’s why SaveFrom.Net became popular. This extension allows users to download videos and music but also collects user data like IP addresses and browsing behavior, which has been and can be filtered when using the site.


SHARPEXT is well known in the email world. spyware. This extension was created and implemented by SharpTongue, also known as Kimsuky. SharpTongue is an infamous bad actor known for stealing and revealing private information, including usernames and passwords. SHARPEXT was designed to infiltrate email accounts, extract sensitive data, and continuously spy on user behavior.

Hello VPN – The Website Unblocker

It’s frustrating when you need to access a website or want to watch a movie, but your country can’t. Hola VPN is a free and unlimited website unblocker created to remove these obstacles from a user’s online experience. However, this rogue Chrome extension has experienced several security breaches and weaknesses by secretly tracking behavior and leaving web traffic unencrypted.

inactive colors campaign

The extension campaign, Dormant Colors, is not a single malicious Chrome extension; in fact, that’s 30 unique and dangerous plugins that millions of users have downloaded. These extensions were injected with malicious code after their initial introduction to the web store and were corrupted into information-stealing extensions. Unfortunately, this campaign is still running despite the fact that many affected extensions have been disabled.

How to detect malicious Chrome extensions

The above list of malicious Chrome extensions contains only the most popular and dangerous plugins. It is possible, and likely, that other extensions also contain dangerous malware or other malicious programs. These tips can help you identify malicious Chrome extensions on your devices:

  • Analyze an extension reviews and installations. Users who have fallen victim to a malicious Chrome extension may disclose this in a review. Furthermore, extensions with fewer downloads could also be dangerous.
  • Pay attention to permissions Malicious extensions may request permission to access unnecessary programs or personal information.
  • Investigate extension owners Whenever possible, only download extensions created and distributed by popular and well-known companies to limit potential malware downloads.
  • Maintain devices and Chrome updated. Operating system updates often include new protections and warnings about identified malware and dangerous extensions.
  • Install anti virus software. This software will automatically notify you of any malicious activity on your device.

How to remove an extension from Chrome

Similar to removing a virus, malicious extensions should be removed from Chrome as soon as they are detected. Once Chrome is downloaded to your device, you can remove these plugins in 7 simple steps.

Step 1: Launch Chrome.

Step 2: Open chrome settings. This can be accessed via the three vertical dots in the top right corner.

Step 3: Open the drop down menu below more tools.

Stage 4: Click on extensions.

Step 5: Identify the extension want to remove by scrolling down the page or by searching for the plugin name.

Step 6: Select Eliminate.

Step 7: On the popup screen, select Eliminate again.

These steps can be repeated as many times as necessary to remove any unwanted or malicious extensions from Chrome. Also, consider using a private search engine to help keep your information protected from potentially malicious plugins.

While the plugins in this list of malicious Chrome extensions do exist and can cause extensive damage to personal devices, Panda Security can help. clean your pc and optimize your systems. Chrome constantly updates plugins and removes known malware from its extension library, providing additional protection against digital perils.

Sources: software test help | Oberlo | computer beep | wonderful fox | volexity | Top10VPN