82 Chrome Extensions Caught Selling User Data to Third Parties, Affecting Millions
- Apr 28
- 2 min read
Key Findings
LayerX Security identified 82 Chrome extensions explicitly reserving the right to sell user data to third parties
At least 6.5 million users are affected across confirmed cases
75 of the 82 extensions remain active on the Chrome Web Store with only 7 removed
Data collection practices are disclosed in privacy policies but largely unnoticed by users
29 extensions operate as sales intelligence tools capturing internal corporate browsing activity
Background
Most people install browser extensions with minimal consideration of the permissions they grant or how their data might be used. A new investigation by LayerX Security examined thousands of Chrome extensions and their associated privacy policies, uncovering a widespread practice of data collection and monetization. Unlike hidden malware, these extensions operate transparently through disclosed policies that most users never read.
The QVI Network
A group of 24 media-related extensions linked to the Quality Viewership Initiative has accumulated around 800,000 installations combined. These tools claim to improve streaming quality by forcing higher resolutions on platforms like Netflix, Hulu, Disney+, and Amazon Prime Video. Behind the scenes, they track viewing history, content preferences, subscription status, and streaming behavior across these services. The extensions also infer demographic information like age and gender by cross-referencing user email addresses with third-party databases when direct data isn't available.
Ad-Blocking Extensions and General Monetization
Twelve ad-blocking extensions with over 5.5 million combined users follow a similar data-selling model. Nearly 50 additional extensions each serving over 100,000 users monetize general web browsing activity through undisclosed data sales. Users installing these tools believe they're gaining functionality while their behavioral data is being packaged and sold to advertisers and data brokers.
Corporate and Intelligence Threats
Twenty-nine of the identified extensions operate as sales intelligence tools, capturing internal browsing activity that includes visits to company systems, SaaS platforms, and research workflows. This data feeds into commercial datasets available to buyers, creating significant exposure for organizations when these extensions reach employee devices. The dual threat affects both individual privacy and corporate security.
Current Status and Recommendations
Researchers confirmed 82 unique extensions across 94 store listings, with the majority still accessible on the Chrome Web Store. Users should avoid installing extensions offering limited value while collecting data, instead sticking to verified tools listed on official websites. Anyone with QVI-related extensions should review and remove unnecessary ones immediately.
Sources
https://hackread.com/82-chrome-extensions-selling-user-data/
https://x.com/HackRead/status/2048855807073087581
https://news.backbox.org/2026/04/27/82-chrome-extensions-found-selling-user-data-6-5-million-users-affected/
https://www.linkedin.com/posts/cyber-news-live_82-chrome-extensions-found-selling-user-data-activity-7454706159095160832-h-oR
https://x.com/Dinosn/status/2048958153211941165

Comments