How is Chrome blocking data-stealing extensions?

Chrome warned over data-stealing Web Store extensions

Chrome users are being cautioned about a cluster of malicious browser extensions that allegedly stole data from thousands of accounts. The reporting ties the issue to experts who identified more than 100 Web Store extensions acting as “stealing” software.

The practical takeaway is that these extensions were available through Chrome’s extension ecosystem and, once installed, could access sensitive user data. While the story emphasizes the scale—thousands of affected accounts—no additional technical breakdown is provided in the summary of the coverage, such as the exact data types targeted (credentials, cookies, profile details, or browsing activity).

Why it matters

Browser extensions are a common route for credential and session theft because they run with permissions inside the browser. Even legitimate-looking extensions can become dangerous if they exfiltrate stored information or inject scripts.

Chrome’s risk also reflects competition dynamics: alongside the warnings, the coverage indicates Microsoft has been using “new prompts in Edge” aimed at stopping users from downloading Chrome extensions in the first place. That suggests users may be getting additional friction or confirmation dialogs when adding new extensions, potentially reducing accidental installs.

What users should do now

• Review installed extensions and remove anything you don’t recognize.
• Disable extensions temporarily to see whether they’re necessary.
• Prefer only extensions you installed intentionally and from well-known developers.
• If you recently installed an extension and you reuse passwords across sites, consider rotating passwords.

In short, the issue is a reminder that the browser app layer remains an attack surface. The best defense is reducing extension permission exposure and being selective about what you install.