Over Christmas, a small group of researchers worked overtime tracking at least 33 browser extensions hosted in Google’s Chrome Web Store that were surreptitiously siphoning sensitive data from some 2.6 million devices.

https://arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/