Extensions are part of why Chrome is the most popular browser on the planet, but they’re also one of the most common vectors for security issues. This week researchers at AdGuard found a bunch of them posing as legitimate tools but injecting fake search results into pages on Google and Bing.
According to the report, no less than 295 extensions featured on the Chrome Web Store (Google’s online repository of Chrome extensions) were injecting advertising links into search results. Collectively, they were being used by an estimated 80 million users. In an especially unfunny twist, many of the extensions were posing as ad-blocking tools, with most offered as frivolous wallpaper collections and new tab themes. Other phony techniques on display include false affiliate cookies and just straight-up spam.
Google seems to have removed the malicious extensions from the Chrome Web Store, but users still need to remove them manually from their browsers if they’re already installed. If you’re curious to find out if you have any of these extensions installed, you can take a look at the full list.