Password-stealing Chrome extension smuggled on to Web Store

Researchers at the University of Wisconsin–Madison have demonstrated that Chrome browser extensions can steal passwords from the text input fields in websites, even if the extension is compliant with Chrome’s latest security and privacy standard, Manifest V3.

To prove it, they created a proof of concept browser extension that could steal passwords and put it through the Chrome Web Store review process.

Browser extentions are small applications like ad blockers and password managers that extend the capabilities of browsers. In order to do what they do they enjoy a high degree of access to both the web browser and the pages the browser displays. This creates a significant challenge for vendors like Google.

On the one hand, the more access browser extensions enjoy, the more they can do and the more useful and featureful they can be. On the other hand, extensions are made by third-parties who may or may not be trustworthy, and the more access they have, the more harm they can do if they are malicious.

Google’s best, most recent stab at enforcing a sensible balancing act between those two things is the Manifest V3 standard, which has also been adopted by Microsoft Edge and Mozilla Firefox.

Manifest V3 tightens up security in a number of ways, most notably by stopping extensions from downloading code from remote websites. This stops them from changing their functionality after they’ve been installed, which makes it easier for Google to understand what an extension does during the Chrome Web Store review process.

Although Manifest V3 makes life tougher for malicious extensions that want to steal passwords and other sensitive information, the researchers have demonstrated it’s still possible to get a password-stealing extension through the review process.

The attack is feasible because the interaction between the extensions and the web pages has not changed. The extensions can still access entire contents of the web pages, including text input fields where users may enter sensitive information such as passwords, Social Security Numbers (SSN), and Credit Card information.

The attack’s success hinges on the fact that extensions have full and unfettered access to the Document Object Model (DOM) of every web page you visit. The DOM is a representation of a web page in computer memory that can be accessed and changed, allowing the page to be modified on-the-fly.

…when an extension is loaded onto a website, it is integrated into the DOM tree, obtaining unrestricted access to all DOM elements via the DOM APIs. This exposes a critical security issue – the lack of a security boundary between the extension and the rest of the DOM tree.

Full access to a page’s DOM gives extensions tremendous power, which includes reading or modifying text input fields, like the ones you type your passwords into. The success of the researchers’ technique depends on the way the page is designed, but the paper claims that most of the top 10,000 websites are vulnerable, including the likes of,,,, and, among others.

To prove the technique was viable in the real world the researchers created a browser extension disguised as a “GPT-based assistant offering ChatGPT-like functions on websites”. This allowed the extension to plausibly ask for permission to run on all websites. (It was withdrawn as soon as it passed the review process.)

Having established that it was possible for a malicious extension using these techniques to pass the review process, the researchers analysed the extensions already on the web store and found that 12.5% of them had the necessary permissions to exploit the password input field vulnerabilities, and identified 190 extensions that directly access password fields.

The researchers offer two potential fixes: A “bolt on” remedy for vulnerable sites and a “built in” remedy for browsers. The bolt on is a JavaScript library that can be added to websites to prevent unwanted access to password fields. To be successful it would need to be widely adopted and, frankly, history suggests it probably wouldn’t be. The built in remedy suggests changing Chrome to alert users whenever any JavaScript function accesses any password fields. This would be no small undertaking, but seems more likely to succeed if Google can be persuaded to adopt it.

Malwarebytes EDR and MDR remove all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.