Spying Chrome Extensions: 287 Extensions spying on 37M users
Summary
The article describes an automated scanning pipeline that runs Chrome inside Docker behind a MITM proxy to detect extensions that leak browsing data. It identifies 287 Chrome extensions, with about 37.4 million installations, that leak users' browsing history, and details various leakage methods, including URL-based payloads, obfuscated or encrypted data, and actor networks. It also discusses the implications for user privacy and corporate risk, and provides examples, IoCs, and links to the underlying research.
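As an added illustration (not code from the article or its authors), the sketch below shows one way a defender could check proxy-captured requests for a visited URL sent to third-party hosts in plain, percent-encoded, base64 or hex form. The flow format, the canary URL and all hostnames are constructed assumptions, and the article's own detection method may differ.

```python
import base64, binascii, re
from urllib.parse import unquote, urlsplit

# Constructed sample data: a canary URL and proxy-captured outbound requests.
VISITED = "https://canary.example/page?id=7f3a9c"
FLOWS = [
    {"url": VISITED, "body": ""},                                   # the page load itself
    {"url": "https://stats.invalid/c?u=https%3A%2F%2Fcanary.example%2Fpage%3Fid%3D7f3a9c", "body": ""},
    {"url": "https://sync.invalid/v1", "body": '{"d":"%s"}' % base64.b64encode(VISITED.encode()).decode()},
    {"url": "https://api.invalid/t", "body": "p=" + VISITED.encode().hex()},
    {"url": "https://cdn.invalid/lib.js", "body": ""},              # benign request
]

TOKEN = re.compile(r"[A-Za-z0-9+/_-]{16,}")  # runs long enough to hold an encoded URL

def decoded_views(text):
    """Yield (label, text) for the request as sent and for reversible decodings of it."""
    yield "plain", text
    text = unquote(text)
    yield "percent", text
    for tok in TOKEN.findall(text):
        try:  # standard and URL-safe base64, padding restored
            raw = base64.b64decode(tok + "=" * (-len(tok) % 4), altchars=b"-_")
            yield "base64", raw.decode("utf-8", "ignore")
        except (binascii.Error, ValueError):
            pass
        if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", tok):
            yield "hex", bytes.fromhex(tok).decode("utf-8", "ignore")

def find_leaks(flows, visited_url):
    """Return (destination host, encoding) for each third-party request carrying the URL."""
    first_party = urlsplit(visited_url).hostname
    hits = []
    for flow in flows:
        host = urlsplit(flow["url"]).hostname
        if host == first_party:
            continue  # the browser fetching the page is not a leak
        for label, view in decoded_views(flow["url"] + "\n" + flow["body"]):
            if visited_url in view:
                hits.append((host, label))
                break
    return hits

if __name__ == "__main__":
    for host, label in find_leaks(FLOWS, VISITED):
        print(f"{host}: visited URL sent ({label})")
```

Content matching of this kind only covers reversible encodings; encrypted payloads, which the article also reports, carry no recognisable copy of the URL and need a different signal.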