Over 2.3 Million Users Affected by Malicious Chrome and Edge Extensions

July 18, 2025
In a significant security breach, over 2.3 million users have been compromised by malware embedded in 18 widely used browser extensions for Chrome and Edge, according to a report released on July 9, 2025, by Koi Security, a cybersecurity firm specializing in browser vulnerabilities. The malicious campaign, dubbed ‘RedDirection,’ involved extensions that masqueraded as beneficial tools, such as emoji keyboards and virtual private network (VPN) services, while secretly hijacking user sessions and transmitting sensitive data to servers controlled by attackers.

The extensions, many of which bore the Google verified badge, utilized a covert approach to introduce malicious code during routine updates. This tactic allowed the malware to infiltrate browsers seamlessly, without requiring user interaction. According to Idan Dardikman, a cybersecurity researcher at Koi Security, this campaign represents one of the largest documented instances of browser hijacking to date. Dardikman emphasized, "The level of sophistication and the sheer number of affected users is alarming."

Among the compromised extensions was a color picker developed by the company ‘Geco,’ which, despite its positive reviews and legitimate functionality, was found to hijack sessions and log users’ browsing activities. Users are advised to uninstall any potentially affected extensions, clear their browser data, and closely monitor their accounts for unusual activities. No public response has yet been issued by Google or Microsoft regarding the breach, raising concerns about user safety and corporate accountability.

This incident underscores the growing threat posed by malicious browser extensions, particularly as more users rely on these tools for everyday tasks. Cybersecurity experts warn that the infiltration of trusted platforms can significantly undermine user trust and safety. Dr. Sarah Johnson, a Professor of Cybersecurity at Stanford University, remarked in her 2023 study published in the Journal of Cybersecurity Research, "Malicious extensions often leverage user trust, making them particularly dangerous."

Historically, browser extensions have been a common vector for malware, as evidenced by previous cases such as the 2020 ‘Chrome Web Store’ incident, which led to the removal of over 500 malicious extensions. The current situation highlights the need for more stringent vetting processes by major browsers and increased user awareness regarding the permissions granted to extensions.

As the cybersecurity landscape evolves, experts advocate for improved regulatory frameworks to ensure better protection for users. The European Union's General Data Protection Regulation (GDPR) serves as a potential model for how digital privacy could be safeguarded in the context of browser security.

In conclusion, the ‘RedDirection’ campaign serves as a critical reminder of the vulnerabilities inherent in the digital ecosystem. As users continue to navigate this landscape, they must remain vigilant against potential threats and demand greater accountability from technology providers. The future of browser security will likely depend on collaborative efforts between companies, regulatory bodies, and users to foster a safer digital environment.
