- I still recommend this TCL TV model from last year - especially at $500 off right now
- Nvidia launches blueprints to help jump start AI projects
- Dockerize a Django App: Step-by-Step Guide for Beginners | Docker
- The best AI tech of CES 2025: Neural wristbands, smart mirrors and more
- Examining disk space on Linux
I found a malicious Chrome extension on my system – here's how and what I did next
Well, that wasn’t fun. Last week, Ars Technica ran a report about 33 Chrome extensions that have been found to have malware. And yeah, yesterday I found that I had one of them installed.
You can read the Ars article for a list to check yourself. One seemed familiar: Reader Mode. It was intended to clear a page of all non-text to make it more readable, like Safari’s Reader Mode. I haven’t run it for quite some time, but the name was familiar.
Also: Google’s favorite Chrome extensions of 2024 can save you time and money
I went to my 3-dot menu in Chrome, then Extensions, then Manage Extensions. And there it was, right at the top of the page: “This extension contains malware.” Fortunately, the extension was switched off, but I have no idea when it became infected or whether it did any damage to the Chrome installs on my Macs or Windows machines.
The first thing I did, of course, was hit the little trashcan and remove the extension. But that’s not all I had to do. Not by a long shot. That was just the start of what would become a long day.
Cleaning up Chrome
If you find malware in your Chrome, you might want to follow the steps I took after this lovely discovery. Even though Chrome syncs settings, I did this set of steps on each of my active computers. That’s three Macs and three Windows machines. Because I have nothing better to do with my time (grumble).
Note that for this article, I’m giving you the URLs as plain text, rather than as links. If you have a compromised browser, links might be compromised. So copy and paste the plain text URLs and visit the pages that way. Regular pages like Google blog posts and ZDNET articles will be presented as traditional links.
Also: The best secure browsers for privacy
First, of course, if you see any of the other extensions listed as malware in your Chrome security dialog, remove them.
There used to be a Chrome cleanup tool, but that was discontinued with Chrome 111. Google says that Chrome is protected with its Safe Browsing protection level in Chrome. There’s an Enhanced Protection level, which should help by sharing real-time data with Safe Browsing.
So that’s where I went next. Point your Chrome to chrome://settings/security.
Fortunately, I already had Enhanced Protection turned on. That was a big relief.
Next, point your browser to Chrome’s safety check at chrome://settings/safetyCheck. Here, you’ll see some guidance about things to fix if Chrome notices any issues. Follow the directions. My Chrome seems fairly happy at the moment.
Next, I cleared all my browsing data and cookies. That will require logging back into a bunch of sites, but it’s worth it to know I’m fairly safe. Point your browser to chrome://settings/clearBrowserData.
I clicked the Advanced tab, scrolled down, and checked everything. The only things I kept were my browsing and download histories. I’m not happy about killing everything else, but safety first, right? Ugh.
That process took about five minutes for me, and my Chrome now had that just-showered feeling, all day long. Because I’m worth it.
There is one more Chrome step you could take, but I didn’t do it. You could run chrome://settings/reset. But beware, this basically nukes all your Chrome features. Beyond removing browsing data and cookies, it will:
- Clear your default search engine
- Set your home page back to Chrome default
- Set your start tabs back to Chrome default
- Set your new tab page back to Chrome default
- Remove all your pinned tabs
- Remove all your installed extensions and themes
And it will also do the steps we did above in clearBrowserData.
I didn’t want to have to go that far back to the beginning, so I settled on just clearing my browsing data.
At this point, I quit Chrome and rebooted my machine. As one does.
Change passwords
I’m still not ready to move to passkeys. Passkey technology is pretty impressive, but it has implications for my entire workflow. So before I make the transition, I want to be sure I’m ready. That’s next on my security to-do list, but it’s not here today.
Today, however, I’m going through and changing passwords. I’m resetting all my socials and all of my primary cloud services, along with key financial institutions. There’s no way I can change all my passwords (I have a few thousand of them), but I certainly can change the passwords for my most-frequently used sites.
Also: 7 essential password rules to follow in 2024, according to security experts
I did, once again, contemplate deleting all my accounts, shutting down my internet service, and moving to a yurt somewhere on the Mount Jumbo North Peak Trail in Montana. But then I remembered that it’s cold in Montana, Amazon Prime and Instacart won’t deliver there, there’s a new Star Trek movie coming out in a few weeks, and, you know, I have a job.
So I just changed my passwords, one by one.
Windows antivirus
So, yeah. Antivirus. I know, it feels suddenly like 2003, but hear me out. Windows 11 comes with Microsoft Defender, which ZDNET’s own Ed Bott says is quite excellent. So I ran that.
First, I went to Windows Security on my first Windows 11 machine (I eventually repeated this on all three) and clicked into Virus & threat protection.
Apparently, Windows had run a scan the day before and had found one threat. Not good, but fixable. I scrolled down to Full Scan and ran a full scan on the system. That took longer, but I wanted that cozy full-scan feeling.
Once it completed, it reported no threats, which was nice.
After that, even though it really wasn’t necessary, I also ran an offline scan. I figured that, since I had the tool, I might as well use it.
The offline scan is funny, because it runs when Windows isn’t loaded. As such, it uses some very primitive graphics resources, which really did give me that 2003 feeling.
When it completed, Windows rebooted, and all was good. I just had two more machines to take through the same process, which I subsequently did.
As for Mac antivirus, there really isn’t a need to run such a thing. Yes, I know there are third-party providers who sell antivirus. But, as Ed says, “XProtect antimalware technology has been around for over a decade and is effective against mainstream threats.”
And that was that
At this point, I feel fairly sure my systems are safe. I updated Chrome on six machines, nuked all my settings, cleared out bad extensions, changed a ton of passwords, and ran malware scans on my Windows machines.
It wasn’t exactly how I wanted to spend my Sunday, but everyone needs a hobby, I guess.
So, what about you? Are you running any bad extensions? Did you look at Chrome and see what it’s reporting as issues? Have you enabled Enhanced Security? Have you considered moving to a yurt? Let us know in the comments below.
You can follow my day-to-day project updates on social media. Be sure to subscribe to my weekly update newsletter, and follow me on Twitter/X at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, on Bluesky at @DavidGewirtz.com, and on YouTube at YouTube.com/DavidGewirtzTV.
