SafeBrowse Chrome Extension Allegedly Hacked to Covertly Mine Cryptocurrency on Users' PCs

SafeBrowse Chrome Extension Allegedly Hacked to Covertly Mine Cryptocurrency on Users' PCs
  • The creators of SafeBrowse are calling this the work of a hacker
  • CPU usage can spike, causing PCs to slow down dramatically
  • Google seems to have removed SafeBrowse from the Chrome Web Store

Users of the SafeBrowse extension for Chrome started noticing heavy CPU usage and PC slowdowns after updating to version 3.2.25. The extension claims to protect users by disabling ads that cover the entire screen and bypassing interstitial ads used by URL redirectors such as Adfly and Linkbucks. However, the latest update seems to include a feature that would qualify as malware on its own.

Security tracking site Bleepingcomputer discovered a JavaScript app embedded in the update that acts as a miner for the Monero cryptocurrency, harnessing the CPU power of PCs running the extension but earning money only for SafeBrowse's authors. Bleepingcomputer has published screenshots of the Windows Task Manger showing a spike in CPU usage at the time the extension was installed, as well as Chrome's own task manager showing 61.6 percent CPU usage caused by the SafeBrowse extension's thread. The PC used for the test immediately began behaving sluggishly, and applications started failing to respond. The site has also collected user reviews left in the Chrome Web Store complaining that the extension has made people's computers run slowly.

The extension is effectively acting as malware, turning PCs into zombies that are part of a giant worldwide botnet. While there might not be any malicious intent, users are unwittingly suffering while someone else makes money.

SafeBrowse now appears to have been taken down from the Chrome Web Store, as searches now lead to a 404 error page but Google still caches the original page, which shows that the extension had over 140,000 users as of September 19. The SafeBrowse team has responded to the controversy claiming that it has not released any updates for several months and this must be the work of a third-party hacker. Version 3.2.1 is the last updated listed on the official website. If true, this opens up the possibility of other Chrome extensions being used as vectors to infect millions of PCs worldwide despite Google's best efforts.

Users who have SafeBrowse installed can get rid of it by going to the Extensions page which is found under More Tools in the Chrome menu, or by right-clicking its icon next to the address bar and selecting Remove from Chrome.

Just a few days ago, The Pirate Bay was found to have done almost exactly the same thing, running a JavaScript currency miner on some pages. The site's operators claimed that it was an experiment with the intention of seeing whether ad revenue could be replaced. 


For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Gadgets 360 Staff
The resident bot. If you email me, a human will respond. More
As Apple Slows, Fast-Moving Chinese Rivals Gain in Wealthy Markets
HTC Expected to Make 'Major Announcement' on Thursday, Google Acquisition Speculated
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News


Follow Us


© Copyright Red Pixels Ventures Limited 2023. All rights reserved.
Trending Products »
Latest Tech News »