82 Chrome Extensions Found Selling User Data, 6.5 Million Users Affected
82 Chrome extensions found selling user data to third parties, affecting 6.5M users.
Summary
LayerX Security identified 82 Chrome extensions that explicitly reserve the right to collect and sell user data, affecting at least 6.5 million users. The extensions include 24 media-related tools linked to the Quality Viewership Initiative that track streaming activity across Netflix, Hulu, Disney+, and Prime Video, plus 12 ad-blocking tools with over 5.5 million combined users. As of the report, 75 of the 82 malicious extensions remain active on the Chrome Web Store despite the disclosed but concerning data monetization practices.
Full text
Security Privacy Surveillance82 Chrome Extensions Found Selling User Data, 6.5 Million Users Affected LayerX research finds 82 Chrome extensions collecting and selling user data, affecting at least 6.5 million users through disclosed but concerning practices. byWaqasApril 27, 20262 minute read Most people install browser extensions without giving them much thought. Recent incidents, along with a new investigation by LayerX Security in its Enterprise Browser Extension Security Report for 2026, suggest that dozens of these tools collect personal data and sell it to third parties. The company reviewed privacy policies linked to thousands of Chrome extensions and identified 82 that explicitly reserve the right to sell user data. These are not hidden malware programs; their data collection and sales practices are stated in their policies. One group of 24 media-related extensions, according to LayerX Security, has reached around 800,000 installations. These extensions are linked to the Quality Viewership Initiative, or QVI, described as a collaborative effort aimed at improving streaming quality by forcing higher resolutions such as 1080p on Chrome. Researchers, however, found that these tools track activity across platforms, including Netflix, Hulu, Disney+, and Amazon Prime Video. The data collected includes viewing history, content preferences, subscription status, downloaded items, and streaming behavior. In some cases, the extensions also infer age and gender by matching user email addresses with third-party demographic databases when that information is not directly provided. Chrome Web Store page for the “Custom Profile Picture for Netflix QVI” extension (Image via LayerX) LayerX Security’s report, shared with Hackread.com ahead of publishing on Monday, also found that 12 ad-blocking extensions have a combined user base of more than 5.5 million and follow a similar model of collecting and selling browsing data. Nearly 50 additional Chrome extensions account for over 100,000 users while monetizing general web activity. In total, the confirmed cases affect at least 6.5 million users. Further analysis shows that 29 of the 82 Chrome extensions operate as sales intelligence tools. These can capture internal browsing activity, including visits to company systems, SaaS platforms, and research workflows, and feed that data into commercial datasets accessible to buyers. Result? Everyday users end up with their entertainment choices and online habits being sold to advertisers, meanwhile companies face exposure when similar extensions reach employee devices. At the time of writing, researchers have identified 82 unique extensions across 94 store listings. Of these, 75 remain live on the Chrome Web Store, while only 7 have been removed so far. It is advisable to avoid installing browser extensions or plugins that offer limited value while collecting user data. Stick to tools that are verified and listed on a service’s official website. If you have any QVI-related extensions installed on Chrome, review them here and remove any that are not necessary. Waqas I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. View Posts BrowserChromeCybersecurityData SecurityExtensionsLayerXPrivacysecurity Leave a Reply Cancel reply View Comments (0) Related Posts Read More Security Artificial Intelligence AI Bot Hackerbot-Claw Targets Microsoft, DataDog and CNCF GitHub Repos Security firm Pillar reveals the Chaos Agent in which Hackerbot-Claw, an AI agent, used natural language to compromise major GitHub projects and hijack developer tools. byDeeba Ahmed Security Researchers find critical security flaws in popular car models Modern-day vehicles have become overly digitized for the sake of offering advanced technicality to drivers. However, being digital… byWaqas Read More Security Pwn2Own Ireland 2025: The Hacks, The Winners, and The Big Payouts Hackers earned over $1 million at Pwn2Own Ireland 2025 in Cork, breaching printers, routers, NAS devices, and more as Summoning Team claimed Master of Pwn. byWaqas Read More Security Crypto Malware npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transfers ReversingLabs reveals a malicious npm package targeting Atomic and Exodus wallets, silently hijacking crypto transfers via software patching. byDeeba Ahmed
Indicators of Compromise
- malware — Quality Viewership Initiative (QVI) Chrome extensions
- malware — Ad-blocking Chrome extensions (12 identified)