I found 23 Chrome extensions hijacking 758,000 users’ searches for affiliate revenue

News

I scanned Chrome extension manifests for chrome_settings_overrides and found 23 extensions silently routing 758,000 users’ searches through hidden monetization networks. The pattern: install a free extension (satellite imagery, maps, news reader), your default search gets quietly replaced and every query goes through the operator’s middleware before reaching a search network, generating affiliate revenue you never consented to. Key findings: 8 distinct brokers behind these extensions. If one extension gets pulled, another goes up under a different name. Several extensions have zero functionality beyond the search override One extension affirmatively claims “We don’t track your searches” while its own privacy policy says otherwise One uses runtime declarativeNetRequest injection so the real behavior is invisible to static analysis The `hspart` parameter in the final search redirect URL is the clustering key. One value maps an entire broker network regardless of extension name, domain, or publisher identity. Full report: https://malext.io/reports/SearchJack/ submitted by /u/Huge-Skirt-6990 [link] [comments]Technical Information Security Content & DiscussionRead More