Internet users know by now that while on the web, you need to use caution to ensure you don’t fall victim to any of the many types of cybersecurity attacks. From software downloads to email attachments, users constantly need to be on high alert.  Being cautious of browser extensions is no different.

Google recently removed five Chrome browser extensions from their official Chrome Web Store. The extensions were installed by a combined 1.4 million users before they were taken down. The malicious extensions kept a list of every website a user visited, as well as their location according to a report created by McAfee security researchers.

The extension would also inject custom Javascript ads on to certain websites, earning developers ill-received advertising revenue. Some of the extensions would wait 15 days before they would inject the ads, making it harder to track down the source of the problem.

The malicious technique of hijacking browsers to inject pages with more advertising is not new. It’s the fact that the extensions were in the Chrome Web Store - seemingly with Google’s seal of approval - that allowed them to be as widespread as they are. As much as the blame could be put on the user, the fact that Google hosted the extension in their trusted store and presented them to users causes them to bear some of the blame as well.

The extensions that were blocked include “Netflix Party,” “Netflix Party 2,” “FlipShope – Price Tracker Extension,” “Full Page Screenshot Capture – Screenshotting,” and “Autobuy Flash Sales.”

If you have any of these extensions on your Chrome browsers or Chrome OS devices, remove them immediately.

Story via PCWorld