Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

A Chrome ad blocker with 10M+ installs was found carrying dormant script-injection code that could be weaponized to manipulate pages and steal data.

What’s new: According to The Hacker News, researchers have identified a widely used Chrome ad-blocking extension — installed on more than 10 million browsers — that ships with dormant code capable of injecting arbitrary scripts into the pages users visit. While the capability was reportedly inactive, its presence means the extension could be weaponized through an update or a server-side trigger to manipulate page content, harvest data, or redirect traffic without the user’s knowledge.

Who’s affected

Anyone running the affected ad blocker is potentially exposed. Browser extensions operate with broad permissions across every site a user visits, so a single trusted-but-compromised extension can undermine the security of an entire browsing session — including logged-in sessions to email, banking, and corporate applications.

What to do

  • Audit your installed browser extensions and remove any you do not actively use or recognize.
  • Review the permissions each extension requests, and be wary of ad blockers or utilities that ask to “read and change all your data on all websites.”
  • Prefer extensions from well-established, audited publishers, and keep your browser updated so malicious updates can be flagged faster.
  • For managed environments, use an extension allow-list policy to control what employees can install.
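The audit steps above can be scripted. The following is an added example, not code from the article or the researchers: it flags extensions whose manifests request all-site access or injection-capable APIs, and optionally any extension missing from an allow-list. It assumes Chrome's on-disk layout `Extensions/<id>/<version>/manifest.json`; the function names, the `INJECTION_APIS` selection and the sample manifest are illustrative choices.

```python
import json
import sys
from pathlib import Path

# Match patterns behind the "read and change all your data on all websites" prompt.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that let an extension run code in pages or observe/alter traffic.
INJECTION_APIS = {"scripting", "webRequest", "debugger"}
# Constructed sample manifest, used when no directory is given on the command line.
SAMPLE = {"manifest_version": 3, "permissions": ["storage", "scripting"],
          "host_permissions": ["<all_urls>"]}

def audit_manifest(manifest):
    """Return a sorted list of findings for one parsed manifest.json."""
    declared = set()
    for key in ("permissions", "host_permissions", "optional_permissions",
                "optional_host_permissions"):
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    findings = [f"broad host access: {p}" for p in declared & BROAD_HOSTS]
    findings += [f"injection-capable API: {p}" for p in declared & INJECTION_APIS]
    if any(BROAD_HOSTS & set(s.get("matches", []))
           for s in manifest.get("content_scripts", [])):
        findings.append("content script runs on all sites")
    return sorted(findings)

def scan_profile(ext_root, allowlist=frozenset()):
    """Map extension ID -> findings for every manifest under ext_root."""
    report = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = path.parts[-3]  # directory name is the extension ID
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report[ext_id] = ["unreadable manifest"]
            continue
        findings = audit_manifest(manifest)
        if allowlist and ext_id not in allowlist:
            findings.append("not on allow-list")
        if findings:
            report[ext_id] = findings
    return report

if __name__ == "__main__":
    # Usage: python audit_extensions.py <profile>/Extensions [allowed_id ...]
    if len(sys.argv) > 1:
        for ext_id, findings in scan_profile(sys.argv[1], set(sys.argv[2:])).items():
            print(ext_id, "; ".join(findings))
    else:
        print(audit_manifest(SAMPLE))
```

A finding is a prompt for review, not a verdict: legitimate ad blockers need all-site access to function, which is why the publisher and update history matter as much as the permission list.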

Sources