Millions of Chrome Users Affected by Data-Leaking Extensions in Large-Scale Investigation A recent security investigation has exposed 287 Chrome extensions secretly transmitting users’ browsing data to remote servers, impacting an estimated 37.4 million installs roughly 1% of Chrome’s global user base. Researchers developed an automated testing pipeline to detect this "spying" behavior at scale, analyzing network traffic rather than relying on extension permissions or descriptions. The team ran Chrome in a Docker container, routing traffic through a man-in-the-middle (MITM) proxy to monitor outbound data. By visiting controlled web addresses, they identified extensions that leaked URLs or other sensitive information. Their method measured traffic growth relative to URL length, using a leakage metric to flag extensions sending data to third parties. Extensions with a leakage ratio (R) ≥ 1.0 were classified as "definitely leaking," while those with 0.1 ≤ R < 1.0 underwent manual review. The scanning effort required 930 CPU-days, with each extension taking about 10 minutes to analyze. To prevent evasion, the researchers withheld full technical details of their detection methods. The findings, including a detailed report and interactive HTML version, were published on GitHub. The extensions sent data to a mix of well-known analytics firms, data brokers, and obscure actors, including Similarweb, Big Star Labs (linked to Similarweb), Curly Doggo, Offidocs, and Chinese-linked entities. Leaked URLs often contained personal identifiers, password reset links, document names, and internal admin paths, posing risks for privacy violations and targeted attacks. To track downstream use, the team deployed "honey URLs" decoy links designed to attract scrapers. Multiple IP ranges, including those tied to Kontera (AWS NAT endpoints), HashDit, and Blocksi AI Web Filter, repeatedly accessed these links, suggesting the data was re-queried or resold. The investigation highlights the scale and sophistication of browser extension-based data collection, with implications for both individual users and organizations.