Our Cyber Security Manager shares an important update on upcoming changes to Chrome browser extensions.
Most of us install browser extensions without thinking twice.
Dark mode. Grammar checker. AI sidebar. Screenshot tool. Calendar helper.
They’re small. Convenient. Harmless… right? Unfortunately, not always.
I know what you’re thinking, “We’re about to lose the ability to install extensions.”
And yes, that is true.
But bear with me, there is a good reason for the change.
Why are we doing this?
Over the last few months, we’ve seen an increase in security incidents involving malicious browser extensions designed to:
- Steal saved passwords
- Capture browsing history and search queries
- Extract authentication tokens
- Harvest AI conversations (including ChatGPT and DeepSeek)
- Exfiltrate sensitive organisational data
Because browser extensions sit inside your browser, they can often see more than you realise. In some cases, they can read and change data across every website you visit…that is a lot, right?!
Real life examples
Yes, the first one involves AI.
I’m not bashing AI, it absolutely has its place, but it is being actively exploited right now, so we need to be mindful.
Security researchers recently identified two malicious Chrome extensions:
- “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI”
- “AI Sidebar with Deepseek, ChatGPT, Claude and more”
These extensions:
- Impersonated a legitimate AI tool
- Reached over 900,000 downloads
- Claimed to collect “anonymous analytics data”
- Secretly exfiltrated:
- Full ChatGPT and DeepSeek conversations
- All open Chrome tab URLs
- Search queries
- URL parameters containing session tokens and authentication data
Depending on how someone was using their browser, that could potentially expose:
- Source code
- Internal system URLs
- Business strategies
- Personal data
Another example is a large-scale campaign known as DarkSpectre whereby attackers used seemingly legitimate extensions across Chrome, Edge, and Firefox to infect over 8.8 million users worldwide, often by publishing trustworthy add-ons and later updating them with malicious code.
These extensions were able to collect sensitive data such as browsing activity and online meeting details, demonstrating that even widely used and well reviewed add-ons can become a security risk.
The extensions have now been removed from the Chrome Web Store but their download numbers show how convincing these tools can be. Realistically, we cannot expect every user to meticulously analyse every extension’s permissions, especially when they are deliberately designed to make access and consent confusing.
What is changing?
As such, the easiest and best way to manage the risk, was to change how we manage Chrome extensions on University devices.
- Users will no longer be able to freely install Chrome extensions
- This already applies in Microsoft Edge
- Chrome will now follow the same controlled approach
If you try to install an extension, you may see a message that it has been blocked. This is expected behaviour and is similar to what you see in Edge.
If you genuinely need an extension for teaching, research, or operational work, simply submit a request via Unidesk, and we will review it.
Our aim is not to block productivity, it’s to ensure extensions are safe before they are introduced into our environment.