There are an estimated 137,000 or so extensions available for Google Chrome, so they can’t all be winners. While many are incredibly useful, safe, and even fun, there are others that basically amount to Trojan horses for malware, tracking, and scams. These are usually pretty easy to spot, but a handful of very popular options have apparently been running low-key, very sneaky operations their collective 1.4 million users—and if you’re one of those users, you’re going to want to uninstall them ASAP.
[Related: These browser extensions will keep you safer online.]
As first uncovered by McAfee and subsequently reported on by Ars Technica, five extensions (Netflix Party, Netflix Party 2, FlipShope, Full Page Screenshot Capture, and AutoBuy Flash Sales) are covertly tracking installers’ browser histories and injecting JavaScript code into certain e-commerce websites they visited. For instance, if someone visited a particular site, the extensions in question would insert a code that modified domain’s cookies so its designers could receive affiliate payments for any purchases. The extensions also sent along devices’ unique identifiers including country, city, and zip codes.
It’s important to note here that this Netflix Party extension is not the extension formerly known as Netflix Party, now called Teleparty, which currently boasts over 10 million installs. Teleparty remains safe to use.
A Google spokesperson confirmed to Ars Technica that the five extensions have been pulled from the Chrome Web Store and are no longer publicly available. That said, anyone who has previously downloaded one of those programs will need to manually uninstall the extensions themselves.
Malware is an eternal struggle for any device. That said, there are plenty of ways to beef up your own online security — check out PopSci‘s handy guide for malware removal for some expert tips.