Vol. 1 · Ed. 2026
CyberGlossary
Entry № 646

Malicious Browser Extension

What is a Malicious Browser Extension?

Malicious Browser Extension: A browser add-on that abuses its host permissions to steal credentials, hijack sessions, inject ads, or exfiltrate user data, often through compromised updates of legitimate extensions.


Malicious browser extensions are add-ons (Chrome, Edge, Firefox, Safari) that abuse the broad permissions extensions are typically granted (read and modify all sites, access cookies, capture network requests, inject content scripts) to perform attacks far beyond what a normal web page can do. Common patterns include credential and cookie theft, session hijacking, ad injection, search-engine hijacking, dropping cryptominers, and exfiltration of corporate SaaS data. Extensions often turn malicious through supply-chain attacks: a developer's account is compromised, an extension is sold to a malicious actor, or a benign dependency is replaced. Defenses include allow-listing extensions in enterprises, monitoring permission changes, using Manifest V3 origin restrictions, and removing unused extensions.
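Monitoring permission changes, one of the defenses listed above, can be done by comparing the manifest of the installed version with the manifest of a pending update. The following Python is an added example, not code from this glossary or from any browser vendor; the sensitive-permission set, the severity labels and the sample manifests are assumptions constructed for illustration.

```python
# Assumption: which API permissions count as sensitive is a policy choice;
# this set mirrors the capabilities named in the definition above.
SENSITIVE_APIS = {"cookies", "webRequest", "scripting", "tabs", "debugger"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def is_host_pattern(entry):
    # Manifest V2 mixes host match patterns into "permissions".
    return entry == "<all_urls>" or "://" in entry


def grants(manifest):
    """Return (api_permissions, host_patterns) for an MV2 or MV3 manifest."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    apis = {p for p in perms if not is_host_pattern(p)}
    hosts = {p for p in perms if is_host_pattern(p)}
    hosts |= set(manifest.get("host_permissions", []))  # MV3 key
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    return apis, hosts


def diff_update(old, new):
    """List findings for grants present in `new` but not in `old`."""
    old_apis, old_hosts = grants(old)
    new_apis, new_hosts = grants(new)
    findings = []
    for api in sorted(new_apis - old_apis):
        level = "HIGH" if api in SENSITIVE_APIS else "INFO"
        findings.append((level, f"new API permission: {api}"))
    for host in sorted(new_hosts - old_hosts):
        level = "HIGH" if host in BROAD_HOSTS else "MEDIUM"
        findings.append((level, f"new host access: {host}"))
    return findings


# Constructed sample manifests as parsed JSON (not from any real extension).
OLD = {"manifest_version": 3, "version": "1.4.0", "permissions": ["storage"],
       "host_permissions": ["https://notes.example/*"]}
NEW = {"manifest_version": 3, "version": "1.5.0",
       "permissions": ["storage", "cookies", "alarms"],
       "host_permissions": ["<all_urls>"],
       "content_scripts": [{"matches": ["https://*/*"], "js": ["c.js"]}]}

if __name__ == "__main__":
    for level, message in diff_update(OLD, NEW):
        print(f"[{level}] {message}")
```

Any HIGH finding on an update is a reason to hold the new version back from the enterprise allow-list until it has been reviewed.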

Examples

  1. A popular extension is sold and updated to inject affiliate links and steal session cookies.

  2. An OAuth-flow extension exfiltrates Gmail tokens to an attacker-controlled server.

Frequently asked questions

What is a Malicious Browser Extension?

A browser add-on that abuses its host permissions to steal credentials, hijack sessions, inject ads, or exfiltrate user data, often through compromised updates of legitimate extensions. It belongs to the Application Security category of cybersecurity.


How do you defend against a Malicious Browser Extension?

Defences against malicious browser extensions typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for a Malicious Browser Extension?

Common alternative names include: Browser extension malware, Rogue extension.
