Google Chrome Warning: Millions of Users at Risk from Hidden Threats

Google has issued an urgent warning for Chrome users. More than 2 billion people are at risk. A high-severity memory flaw was found. Attackers could exploit it through websites you visit.

The bug is known as CVE-2025-8292. Google has already fixed it. All users are advised to update and restart Chrome now. Desktop users must run version 138.0.7204.183 or 138.0.7204.184.

But experts say this is not the whole story. There is an even bigger danger most Chrome users don’t see.

The Hidden Danger: Malicious Chrome Extensions

While CVE-2025-8292 has been patched, security researchers emphasize that Chrome users face a more dangerous, long-term threat: malicious browser extensions.

These extensions may appear safe—even carrying official-looking labels such as “Verified” or “Chrome Featured”—but many have been designed or hijacked to attack users directly.

“Millions of users have their data stolen,” says Vivek Ramachandran, CEO of security firm SquareX, which has released a new report on the issue.

The alarming truth, he explains, is that existing security tools lack visibility into the dynamic behavior of extensions at runtime. This blind spot leaves users exposed to theft, spyware, and session hijacking.

Read More: Over 200,000 WordPress Sites at Risk Post SMTP Plugin Flaw Revealed

A Surge in Malicious Extensions

SquareX highlights a disturbing trend in recent years: the rise of dangerous Chrome extensions. Some examples include Geco Colorpick, Cyberhaven, and The Great Suspender.

These extensions have been caught engaging in malicious activities such as:

• Stealing personal and session data

• Exfiltrating cookies

• Spreading spyware

• Hijacking browser sessions

What makes this worse is that some of these extensions started as safe. Over time, they became malicious after being compromised or sold to bad actors—turning trusted tools into silent threats with massive installed user bases.

Why “Verified” Extensions Aren’t Always Safe

Many users and even enterprises assume that browser store labels like “Verified” or “Chrome Featured” guarantee security.

According to SquareX, this assumption is dangerously flawed. The reality is that browser vendors and enterprises lack the tools to fully analyze extensions before approving them.

Attackers can exploit this weakness by inflating ratings, posting fake reviews, and driving mass downloads. This allows malicious extensions to slip through store safeguards undetected.

Why Extensions Are So Powerful—and So Risky

Browser extensions often have permissions that give them extraordinary access to your device and data. SquareX warns that extensions can:

• Access HTTP-only cookies

• Bypass cross-origin request restrictions

• Observe tab activity and updates

• Inject and run scripts on web pages

• Read and modify page content

• Access local and session storage

• Hijack web functions and APIs

• Inspect web requests

• Force notification and popup permissions

• Take screenshots and record active tabs

These so-called “superpowers” make extensions an ideal target for hackers. Once installed, they can silently monitor, steal, or manipulate data without the user realizing.

Read More: Think twice before giving AI access to your personal data for privacy and security

What Chrome Users Should Do

While updating Chrome to the latest version is critical, it’s only the first step in staying safe. The real danger lies in malicious extensions, which may already be installed on millions of devices.

To protect yourself:

• Regularly review your installed extensions

• Remove any you no longer use or don’t fully trust

• Be wary of extensions—even if they appear “verified”

• Avoid installing tools with suspicious reviews or massive downloads in a short time

The truth is simple: while Google is quick to patch browser vulnerabilities, the bigger threat is often hidden in plain sight, disguised as the extensions many of us install every day.