Google has rolled out an emergency update for Chrome, addressing a critical zero-day vulnerability that’s currently being exploited. This comes as cybersecurity experts have flagged numerous malicious extensions in the Chrome Web Store, impacting millions. These extensions often act as “sleeper agents,” appearing benign until they activate to steal data or hijack search results, with compromised ad blockers and themes being common examples.
Investigations have revealed that many legitimate Chrome extensions are being phished and modified to collect user credentials and session cookies. Another study identified over 35 popular extensions with millions of installs carrying spyware or infostealer behavior. Additionally, new threats like “syncjacking,” which exploits Chrome’s account sync system, and the persistent “Adrozek” malware, which injects fake ads, continue to pose significant risks.
To safeguard your system, it’s crucial to update Chrome to at least version 137.0.7151.68 immediately. Users should also diligently remove unused or suspicious extensions, regularly review permissions, and employ reliable antivirus tools. While Google’s shift to Manifest V3 aims to bolster security, experts caution it’s not a foolproof solution, emphasizing the ongoing need for user vigilance.
