In 2024–25, Google removed several high-profile Chrome extensions for violating security policies, manipulating user data, or breaching developer guidelines. Millions of users were affected as malicious code, hijacked developer accounts, and policy violations triggered a wave of takedowns.
This article breaks down which extensions were banned, why they were removed, and what it means for Chrome users going forward.
Chrome Extensions Compromised or Removed in Late 2024
December 2024 campaign was first discovered by Cyberhaven on December 27, 2024, after their own extension was compromised. GitLab Security and other researchers subsequently identified additional compromised extensions. [Global Anti-Scam Alliance/The Hacker News]
February/March 2025 Compromised Chrome Extensions
December 2024: Cyberhaven-led discovery of compromised extensions affecting ~2.6 million users Cyberhaven Chrome Extension Breach: Phishing Attack Targets Developers
February/March 2025: GitLab discovered 16 additional malicious extensions affecting 3.2 million users Popular Chrome extensions, including ad blockers, got hijacked.
| Extension Name | Use of the App |
|---|---|
| Blipshot: one click full page screenshots | Screenshot tool |
| Emojis – Emoji Keyboard | Emoji input |
| WAToolkit | WhatsApp toolkit |
| Color Changer for YouTube | YouTube customization |
| Video Effects for YouTube And Audio Enhancer | YouTube enhancement |
| Themes for Chrome and YouTube™ Picture in Picture | Browser/YouTube theming |
| Mike Adblock für Chrome | Chrome-Werbeblocker | Ad blocking |
| Page Refresh | Page refresh functionality |
| Wistia Video Downloader | Video downloading |
| Super dark mode | Dark theme |
| Emoji keyboard emojis for chrome | Emoji input |
| Adblocker for Chrome – NoAds | Ad blocking |
| Adblock for You | Ad blocking |
| Adblock for Chrome | Ad blocking |
| Nimble capture | Screen capture |
| KProxy | Proxy service |
Sources:
- GitLab Security Tech Notes: “Malicious browser extensions impacting at least 3.2 million users” – Primary threat intelligence report and technical analysis
- Tom’s Guide: “Popular Chrome extensions hijacked by hackers in widespread cyberattack — 3.2 million at risk” – Security reporting
- AdGuard Blog: “Popular Chrome extensions, including ad blockers, got hijacked” – Analysis of ad blocker compromises
- Fox News/CyberGuy: “16 hijacked browser extensions expose 3.2 million users” – Consumer security advisory
- Cybersecurity News: “16 Malicious Chrome Extensions Infected Over 3.2 Million Users” – Technical attack analysis
Chrome Extensions Removed After Compromise (Early 2025)
In February and March 2025, threat intelligence firm GitLab and Tom’s Guide flagged 16 popular extensions—including emoji keyboards, ad blockers, screen capture tools—infected via developers’ accounts and pushed via auto‑update on the storefront. These reached over 3.2 million users before Google pulled them. (Source: The Verge)
| Extension | Status |
|---|---|
| uBlock Origin | Being disabled due to Manifest V3 transition |
| uBlock Origin Lite | Available as Manifest V3 compatible alternative |
| AdGuard | Updated to Manifest V3 compliance |
| Ghostery | Manifest V3 compliant |
| uMatrix | Being disabled due to Manifest V3 transition |
| NoScript | Being disabled due to Manifest V3 transition |
| Privacy Badger | Being disabled due to Manifest V3 transition |
| Decentraleyes | Being disabled due to Manifest V3 transition |
| ClearURLs | Being disabled due to Manifest V3 transition |
| DuckDuckGo Privacy Essentials | Updated to Manifest V3 compliance |
| Disconnect | Being disabled due to Manifest V3 transition |
| All other Manifest V2 Extensions | Will be removed by June 2025 if not updated |
Sources
PCWorld: “uBlock Origin is officially dead for Chrome, but ad blockers live on”
BleepingComputer: “Google Chrome disables uBlock Origin for some in Manifest v3 rollout”
Technowize: “Google Is Disabling uBlock Origin, Alternatives You Can Try in 2025”
Dataconomy: “Best UBlock Alternatives For 2025 After Google Chrome’s Ban”
Ghostery Blog: “uBlock Origin No Longer Supported On Chrome: Best Fixes”
uBlock Origin Official: About Google Chrome’s “This extension may soon no longer be supported”
uBlock Origin Website: Official uBlock Origin site
Popular Case Studies
uBlock
- What happened: uBlock Origin is being gradually disabled due to Google’s Manifest V3 transition, with users seeing “This extension is no longer supported” messages starting in late February 2025 Dataconomy.
- Scale: V3 adoption has reportedly reached a high percentage of actively maintained extensions as of October 2024, though the exact figure is disputed and may vary across sources.
- User impact: Transition involves rerouting to uBlock Origin Lite, with reduced blocking capabilities . (Source: The Verge)
Honey
In late 2024, Honey—a PayPal‑owned coupon extension—faced backlash when accusations emerged that it altered affiliate links, crediting itself instead of content creators.
- Reports suggested a user decline following the controversy, but exact figures, such as 3 million lost in two weeks, remain unverified.
- Google updated the Chrome Web Store policy in March 2025 to ban extensions that claim affiliate commissions without showing discounts.
- As a result, Honey updated its extension to stop hidden affiliate attribution. (Source: Wikipedia)
Emerging Administrative Controls & Proactive Security
- January 2025: Google introduced managed enterprise controls for IT admins to curate safe extensions, blacklist threats, and remove compromised ones. (Source: The Verge)
Note: These measures were part of a proactive security strategy, not solely a reaction to recent incidents.
- Research 2024–2025: Security papers highlight that 60% of Chrome extensions aren’t updated yearly, and ~350 million users are exposed to “Security‑Noteworthy Extensions”.
- May 2025: Study of 36,324 extensions found 22 with vulnerable remote code inclusions, again highlighting injection risks. (Source: Arxiv)
User Impact Over Time (2024–2025)
- 2.6 million from December 2024 compromised extensions (Source: Wikipedia, Pulsedive)
- 3.2 million from February–March 2025 hijacked extensions (Source: Arxiv)
- Honey extension experienced a reported drop in users; exact numbers unconfirmed. (Source: Wikipedia)
Why These Extensions Were Banned
- Credential/data theft
- Injected code in 20+ extensions stole cookies and passwords. (Source: Carnegie Mellon University, Field Effect)
- Malicious updates via hijacked developer accounts
- 16 popular extensions were compromised to inject fraudware and trackers. (Source: New York Post)
What’s Next For Chrome Extensions?
Between late 2024 and mid-2025, Chrome’s extension ecosystem faced rapid enforcement of bans across multiple fronts:
- Over 2.6 million users affected by credential‑stealing add‑ons (Sources: Pulsedive, Digital Information World)
- Another 3.2 million users were exposed via hijacked developer accounts in a separate incident
- uBlock Origin disabled for not matching Manifest V3 specs (Source: TheVerge)
- Honey extension forced to update after policy changes around affiliate monetization. (Source: Wikipedia)
Keep your setup secure: audit your extensions, remove outdated or unused ones, upgrade to manifest V3 if necessary, and stay informed about evolving malicious and policy threats. With proactive measures and awareness, you can enjoy Chrome’s flexibility without compromising on safety.
