Chrome Users Urged to Delete Four Extensions Linked to Cyber Attacks

Google has issued a fresh warning about hidden risks lurking in some Chrome browser extensions, confirming active exploits and pushing an urgent update for its 3 billion users worldwide.

The company revealed last week that a stealthy security threat had been partially contained through a silent configuration update distributed to all users. However, new research from cybersecurity firm LayerX has uncovered a different type of danger — a network of dormant but malicious browser extensions, which appear to be waiting to receive commands to unleash harmful code on users’ systems.

LayerX’s investigation identified four suspect Chrome extensions primarily designed for managing browser sound settings. Though these add-ons present themselves as legitimate tools for volume control, they share unusual characteristics. According to LayerX, the extensions show similar coding patterns, utilize remote code execution methods to avoid detection, and connect to known malicious domains, indicating coordinated development likely by a single actor or group.

The flagged extensions are:

* Sound Booster [ID: pmilcmjbofinpnbnpanpdadijibcgifc]

* Volume Max - Ultimate Sound Booster [ID: mgbhdehiapbjamfgekfpebmhmnmcmemg]

* Volume Master: Master Your Sound [ID: eoejmjkddfbhhnbmklhccnppogeaeeah]

* Volume Booster: Ultimate Sound Enhancer [ID: dlcgileladmbfijjmnleehhoebpggpjl]

All remain available for download from the official Chrome Web Store, despite security warnings from multiple vendors. Notably, the ‘Volume Max’ extension has over a million downloads and has already been flagged by cybersecurity services, yet Google has not removed it. LayerX stated it is still investigating other extensions potentially tied to this campaign.

Experts stress that while these extensions are currently dormant — with no active malicious behavior detected — their design enables them to function as a “sleeper network.” Such networks could serve as a modern alternative to traditional botnets, offering cybercriminals easy access to sensitive user data including cookies, passwords, browsing histories, and other personal information.

Chrome extensions remain a significant vulnerability point. Although widely used by millions, the extension upload process lacks strict controls, making it difficult to verify developers and trace origins. This gap allows malicious actors to distribute harmful code disguised within seemingly helpful tools.

Google has been contacted for comment regarding the ongoing presence of these extensions on its platform and any steps planned to tighten extension vetting processes. Meanwhile, security professionals recommend users remove the flagged extensions immediately to mitigate risk.