Google Chrome icon

Malicious code has been discovered in 34 Chrome extensions available on the Google Chrome Web Store, which have accumulated over 87 million installs.

Spotted by security blogger and researcher Wladimir Palant (via Popular Science), the malicious code was first found in a Chrome extension named PDF Toolbox in late May. Now, a further 17 browser extensions have been found using the same code, all with similar types of extension utilities.

The PDF Toolbox offers features such as converting documents, merging two PDF files and downloading “opened PDFs” in opened tabs. However, downloading PDFs from non-active tabs means the extension has access to web pages that are currently open. The malicious code allows a website named “” to inject obfuscated malicious JavaScript code into visited websites.

PDF Toolbox Chrome Extension example
PDF Toolbox Chrome Extension example via Almost Secure

Palant reports that the “extension also requests access to detailed browser tabs information and downloads,” even though it doesn’t use this information for its functions.

While the intent behind the malicious code isn’t clear, it can allow the extension to capture activity in a browser and redirect users to dodgy, fake websites – which can lead the developer to earn a profit through ads. An updated article shows that a Brisk VPN Chrome extension had reviews stating it was malicious, and other extensions, such as Image Download Center, were redirecting users to Bing Search (a common sign of browser hijacking).

The security researcher reported the malicious Chrome extensions to Google, and many have now been taken down from the Chrome Web Store. However, some are still active. Below is a list of the most popular browser extensions and their status as of writing.

Chrome Extension NameNo. of Users (weekly)Status
Autoskip for Youtube9,008,298Removed
Crystal Ad block6,869,278Removed
Brisk VPN5,595,420Removed
Clipboard Helper3,499,233Removed
Maxi Refresher3,483,639Removed
Quick Translation2,797,773Removed
Easyview Reader view2,786,137Removed
PDF toolbox2,782,790Removed
Epsilon Ad blocker2,571,050Removed
Alfablocker ad blocker2,430,636Available
Amazing Dark Mode2,228,049Available

Palant tested around 1,600 Chrome extensions on the Web Store, meaning there may be more using the same malicious code. If you recognise any of these browser extensions or experience any strange behaviour, such as redirecting web pages, remove them immediately. You can find a complete list of extensions and their status here

How to remove malware on Chrome

First and foremost, the best way to detect, prevent and remove any malware on Chrome is by using one of the best antivirus software. These can detect malware hiding anywhere on your device (browsers included) and remove them with ease. That said, you’ll also want to reset your browser and remove any suspicious programs lingering around.

For more information of malware on Chrome, we’ve got you covered.

Use antivirus software to remove malware

The best antivirus software will detect and remove malicious programs and software affecting your device – including browser hijackers. Simply installing an antivirus and performing a system scan should be able to detect the source of the issue and get rid of it. What’s more, you don’t need to pay for all the security tools an antivirus service offers, as free antivirus software from providers such as Bitdefender, Avast One or AVG offers the same detection and removal features.

Install the antivirus and perform a quick or full scan if you see any suspicious behaviour on Chrome.

Remove the Chrome extension

  • On Google Chrome, click on the puzzle “Extension” icon on the located next to the address bar.
  • Select Manage extensions.
How to remove a browser extension on Chrome
  • Find the Chrome extension you wish to remove, then click Remove.
  • A small pop-up will appear. Click Remove again.
How to remove a browser extension on Chrome

Perform a safety check

Previously, the Clean up computer option would see if Chrome can find any unsafe software affecting your browser or device. This tool has now been removed, but you can perform a safety check and turn on Enhanced protection instead.

  • On Google Chrome, click on the three vertical dots in the upper-right corner and select Settings.
Google Chrome Settings
  • Select Privacy and security in the right-hand toolbar.
  • Under Safety check, click Check now (or the arrow to perform it again).
Malware on Google how to remove

If Chrome finds any issues, you’ll be able to tap on the option and follow the instructions to see how to handle the it. For those who don’t want to give malware hiding on web pages any chances, you can also turn on Advanced protection.

  • In Privacy and security, click on Safe Browsing under Safety Check (or Security under Privacy and security).
Malware on CHrome how to remove
  • Select Enhanced protection to turn it on.
Google Chrome Advanced security

Turning on enhanced protection does what it says on the tin. Google states it offers “faster, proactive protection against dangerous websites, downloads and extensions,” along with warning users about password breaches. It’s important to note that enhanced protection requires browsing data to be sent to Google.

The default standard protection also protects against these, but it won’t send URLs to Google’s Safe Browsing tool to check them or send samples of pages, downloads and extension activity to help Chrome discover new threats.

Reset your default browser settings

Malware on Chrome will alter your browser’s settings right under your nose. Since it can be difficult to find out all the specific changes made, you’ll want to reset your browser’s settings.

Find out how to reset settings in Google Chrome below:

  • On Google Chrome, click on the three vertical dots in the upper-right corner and select Settings.
Google redirects to Bing fix
  • Select Reset setting in the right-hand toolbar.
  • Click Restore settings to their original defaults and then select Reset settings.
Google redirects to Bing fix

This will reset settings and shortcuts, disable extensions, and delete cookies and temporary site data. This is a good way to undo what the sneaky malware on Chrome may have changed.

Remove suspicious programs

Malware can sneak onto your device as programs disguised as harmless services. If antivirus software doesn’t detect these malicious programs, you can remove them yourself by heading into your computer’s Control Panel.

  • Use the search tool along the taskbar and type Control Panel on your Windows PC. Click on it.
Google redirects to Bing fix 3
  • In the window that pops up, select Uninstall a program under Programs.
Google redirects to Bing fix
Darragh Murphy
Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from the mischievous world of online security to washing machines designed for earbuds. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for laptops into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. When he's not checking out the latest devices and all things tech, he can be found swimming laps, watching terrible shark movies, and trying to find time to game.  Previous Editor at Laptop Mag and News Editor at Time Out Dubai, specialising in food culture, nightlife events, gaming, tech and entertainment.


Please enter your comment!
Please enter your name here