Popular Chrome Extensions Found Leaking Data via Unencrypted Connections

Popular Chrome extensions exposed user data by sending it over unencrypted HTTP, raising privacy concerns. Symantec urges caution for users.

A recent investigation has revealed that several widely used Google Chrome extensions are transmitting sensitive user data over unencrypted HTTP connections, exposing millions of users to serious privacy and security risks.

The findings, published by cybersecurity researchers and detailed in a blog post by Symantec, reveal how extensions such as:

PI Rank (ID: ccgdboldgdlngcgfdolahmiilojmfndl)

Browsec VPN (ID: omghfjlpggmjjaagoclmmobgdodcjboh)

MSN New Tab (ID: lklfbkdigihjaaeamncibechhgalldgl)

SEMRush Rank (ID: idbhoeaiokcojcgappfigpifhpkjgmab)

DualSafe Password Manager & Digital Vault (ID: lgbjhdkjmpgjgcbcdlhkokkckpjmedgc)

There are other extensions as well that are handling user data in ways that open the door to eavesdropping, profiling, and other attacks.

Extensions That Promise Privacy Are Doing the Opposite

Although these extensions are legitimate and meant to help users monitor web rankings, manage passwords, or improve their browsing experience, behind the scenes, they ...