232/69 Wednesday, April 29, 2026
A 2026 report by LayerX Security reveals that at least 82 extensions on Google Chrome have been found secretly collecting users’ personal data and selling it to third parties, impacting more than 6.5 million users worldwide. Notably, these tools are not traditional malware. Instead, they explicitly disclose data-sharing practices in their privacy policies-details that many users overlook and accept without careful review during installation.
The most concerning category includes entertainment-related extensions tied to the Quality Viewership Initiative (QVI), such as tools for customizing profile pictures or adjusting video resolution for platforms like Netflix and Disney+, with over 800,000 combined installs. These extensions track detailed viewing behavior, including watch history, personal preferences, and subscription status. Additionally, 12 ad-blocking extensions-with a combined user base exceeding 5.5 million-exhibit similar data-collection practices. Business-related tools were also identified as potentially harvesting internal system usage data and SaaS platform activity to compile datasets for commercial purposes.
Currently, 75 of the identified extensions remain available on the Chrome Web Store. Users are strongly advised to review installed extensions immediately and remove any that are unnecessary or from unknown developers. In particular, QVI-related extensions should be avoided, especially those offering minimal functionality while requesting extensive browsing permissions. Users should rely only on tools verified by official service providers to prevent their personal data and online behavior from being unknowingly monetized.
Source https://hackread.com/82-chrome-extensions-selling-user-data/