KARACHI: The National Telecom and Information Technology Security Board (NTISB) has issued a warning urging users to avoid 16 browser extensions due to potential security risks, including hacking and data breaches.
Among the extensions listed are several AI and VPN tools, both of which have seen a rise in popularity in recent times. According to the NTISB advisory, hackers are using these commonly installed browser extensions to steal sensitive personal data from apps like social media, banking platforms, and other websites.
Browser extensions, which users can install to enhance the functionality of browsers like Google, Mozilla, and Microsoft Edge, are different from applications in that they only operate within the browser and do not get installed directly on users’ devices. These extensions, which are often created by third-party developers, offer a variety of functions like note-taking, content downloading, password saving, and ad-blocking.
Unlike apps that typically generate revenue for developers through subscriptions or other means, many browser extensions are free and, as a result, pose greater security risks. The NTISB’s advisory highlighted 16 extensions suspected of being compromised, including AI Assistant – ChatGPT, Gemini for Chrome, Bard AI Chat Extension, and VPNCity. Hackers had previously targeted 35 extensions, including those mentioned in the advisory, resulting in the theft of data from over 2.6 million users.
One extension, Cyberhaven, revealed that hackers managed to breach the extension, uploading a malicious version to the Chrome Web Store. The NTISB warns that such “legitimate extensions” are being exploited to steal personal identification information.
The advisory advises users to refrain from installing untrusted extensions and to read the permissions required by any extension before granting them access. It also recommends regularly updating extensions and removing any unnecessary ones.
Two VPN extensions on the list, VPNCity and Internxt VPN, allow users to bypass blocked content. VPN usage has surged in Pakistan due to restrictions on platforms like X. However, research indicates that many free VPN services pose significant cybersecurity risks. Simon Migliano from Top10VPN.com, a VPN review site, noted that 88% of free VPNs and browser extensions leak sensitive user data, and many of them monetize personal data by selling it to third parties. He emphasized the importance of researching VPN services and reading reviews before using them.
