287 Chrome Extensions Caught Spying on 37 Million Users — What Your Dental Office Needs to Do Now - Compudent Systems
Information Technology Solutions for Dentists and the Dental Industry. Serving the GTA and Southern Ontario.

287 Chrome Extensions Caught Spying on 37 Million Users — What Your Dental Office Needs to Do Now


Security researchers have uncovered a massive surveillance operation hiding in plain sight: 287 Chrome browser extensions have been caught secretly exfiltrating users’ browsing history and sending it to data brokers. With approximately 37.4 million installations affected — roughly 1% of all Chrome users worldwide — this is a wake-up call for every dental office that relies on Google Chrome.

What Happened

Researchers at QContinuum built an automated scanning pipeline that installs Chrome extensions inside a controlled environment, monitors all network traffic, and measures whether outbound data correlates with browsing activity. Their methodology was straightforward: if an extension’s network traffic grows in proportion to the URLs you visit, it’s likely shipping your browsing data to a remote server.

The results were alarming. 287 extensions were flagged as actively exfiltrating browsing history. The data was being sent to a range of actors including Similarweb (a well-known web analytics company), an entity called “Big Star Labs” (which appears connected to Similarweb), “Curly Doggo,” Offidocs, and numerous smaller data brokers.

Why This Matters for Dental Offices

Chrome is by far the most-used browser in dental offices. Staff use it daily to access:

  • Practice management software (cloud-based)
  • Insurance portals and claims submission sites
  • Patient communication platforms
  • Dental supply ordering systems
  • Email and scheduling tools

If a staff member installs a compromised extension — even something as innocent-looking as a coupon finder, PDF converter, or theme customizer — every URL they visit gets recorded and sent to third parties. That includes URLs that may contain patient identifiers, insurance information, or internal system paths.

Even if only URLs are captured (not page content), browsing history can reveal sensitive patterns: which patients were looked up, which insurance claims were filed, and what internal tools are being used. This is a potential HIPAA compliance risk.

What You Should Do Right Now

  1. Audit all Chrome extensions — On every workstation, go to chrome://extensions and review what’s installed. Remove anything you don’t recognize or don’t actively use.
  2. Remove unnecessary extensions — If staff installed ad blockers, weather widgets, or “helper” tools on their own, remove them unless they’re business-critical and from a verified publisher.
  3. Use Chrome Enterprise Policies — If you’re using Google Workspace or have an IT administrator, deploy Chrome browser policies to restrict which extensions can be installed. You can whitelist only approved extensions and block everything else.
  4. Enable extension management — Set Chrome to require administrator approval before any new extension is installed.
  5. Educate your staff — Make sure everyone understands that browser extensions can see everything they do online. “Free” extensions often monetize by collecting and selling your data.
  6. Check the research list — The researchers published their findings on GitHub with a full report. Cross-reference your installed extensions against their list.
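Steps 1 and 6 can be scripted so that every profile on a workstation is checked the same way. The following is an added example, not code from this post or from the researchers: it reads the extension folders Chrome keeps on disk and marks any ID that appears in a list you supply. The function names, the one-ID-per-line list format, and the URL_ACCESS heuristic are assumptions made for this example.

```python
import json
import re
from pathlib import Path

EXT_ID = re.compile(r"[a-p]{32}")  # Chrome extension IDs: 32 letters, a-p only
# Heuristic (an assumption of this example): grants that expose visited URLs.
URL_ACCESS = {"tabs", "history", "webNavigation", "<all_urls>",
              "*://*/*", "http://*/*", "https://*/*"}

def load_flagged_ids(list_path):
    """Parse a text file with one extension ID per line ('#' starts a comment)."""
    ids = set()
    for line in Path(list_path).read_text(encoding="utf-8").splitlines():
        token = line.split("#", 1)[0].strip().lower()
        if EXT_ID.fullmatch(token):
            ids.add(token)
    return ids

def audit_user_data(user_data_dir, flagged_ids):
    """Return one record per extension version installed in any Chrome profile."""
    records = []
    # On-disk layout: <User Data>/<profile>/Extensions/<id>/<version>/manifest.json
    for manifest in Path(user_data_dir).glob("*/Extensions/*/*/manifest.json"):
        ext_id = manifest.parents[1].name
        if not EXT_ID.fullmatch(ext_id):
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = None
        if not isinstance(data, dict):
            data = {}  # unreadable or malformed manifest: still report the ID
        grants = []
        for key in ("permissions", "host_permissions"):
            value = data.get(key)
            if isinstance(value, list):
                grants += [g for g in value if isinstance(g, str)]
        records.append({
            "profile": manifest.parents[3].name,
            "id": ext_id,
            "name": data.get("name", "?"),  # may be a "__MSG_...__" locale key
            "version": data.get("version", "?"),
            "flagged": ext_id in flagged_ids,
            "sees_urls": sorted(URL_ACCESS.intersection(grants)),
        })
    # Flagged extensions first, then by profile and ID.
    return sorted(records, key=lambda r: (not r["flagged"], r["profile"], r["id"]))
```

Call audit_user_data() with the Chrome user data folder (on Windows this is typically %LOCALAPPDATA%\Google\Chrome\User Data) and the set returned by load_flagged_ids(). An unflagged extension with a non-empty sees_urls list still deserves a look under step 2.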

The Bigger Picture

This isn’t a new problem — researchers have been warning about malicious browser extensions since at least 2017. In 2018, the popular “Stylish” theme extension was caught doing exactly this. But with the Chrome Web Store now hosting over 240,000 extensions, the scale of the problem has grown enormously.

As the researchers noted: “Whatever software you are using for free and it is not open-sourced, you should assume you are the product.”

For dental offices handling protected health information, that’s not just an inconvenience — it’s a liability. Take 15 minutes today to audit your browsers. It could save you from a much bigger problem down the road.


