Popular Chrome extension accused to be stealing your browser data

Beware of this browser extension!


Browser extensions are meant to help users in several ways. However, a recent finding by security researcher Robert Theaton from San Francisco is quite worrying. A popular plugin called Stylish on Google Chrome and Mozilla Firefox was found to be recording everything that the users did online since January 2017 after it was sold to SimilarWeb.

Popular Chrome extension accused to be stealing your browser data


According to a report by Alphr, the software used by the extension is designed to let users customize how the webpages should appear inside the browsers. This extension has been hijacked by spyware. Over 1.8 million users across the world use the extension and it is likely that it has been recording the browsing history of all its users.

User data could be hacked

What's worse is that the browsing data could be linked to their details making them identifiable and vulnerable to blackmailers and hackers. Check out some malicious Chrome extensions from here.

Mr. Theaton has taken to his blog stating, "It only takes one tracking request containing one session cookie to permanently associate a user account with a Stylish tracking identifier. This means that Stylish and SimilarWeb still have all the data they need to connect a real-world identity to a browsing history, should they or a hacker choose to."

Data theft

He claims that Stylish sends the entire browsing activity to its servers along with a unique identifier. This includes Google search results on your browser. With this information, SimilarWeb connects to the users with all their online activity. In addition to having access to a copy of the users' complete browsing history, SimilarWeb also has other data such as email address and the users' identity.

At that time, the privacy policy of SimilarWeb stated that they collect non-personal information. However, in the case of this browser extension, the company appears to have collected more details from unsuspecting users. Some URL sessions visited by the users seem to contain password reset tokens in the URL itself. This could be a problem if the user didn't use the token or if the token hasn't expired as it might result in big security vulnerabilities.


In his blog, Robert claims that he noticed a massive number of requests going to api.userstyles.org and URLs are encoded with the Base64 Encoding, which is easy to decode using a decoder. He decoded the same to find a lot of session data and browser data, which has been sent to the company's servers.

Most Read Articles
Best Mobiles in India

Read More About: browsers data hacking news internet

Best Phones

Get Instant News Updates
Notification Settings X
Time Settings
Clear Notification X
Do you want to clear all the notifications from your inbox?
Yes No
Settings X
We use cookies to ensure that we give you the best experience on our website. This includes cookies from third party social media websites and ad networks. Such third party cookies may track your use on Gizbot sites for better rendering. Our partners use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on Gizbot website. However, you can change your cookie settings at any time. Learn more