Delete Every Chrome And Edge Extension That’s On This List

Google Chrome and Microsoft Edge are under attack. The latest zero-day vulnerability was discovered by Google’s own Threat Analysis Group and triggered a quiet configuration change for “all users” and an emergency update.

CVE-2025-6554 also prompted America’s cyber defense agency to warn that this “type confusion vulnerability could allow a remote attacker to perform arbitrary read/write via a crafted HTML page,” mandating government staff update by July 23.

But there’s another threat to Chrome and Edge that’s hidden from view. In recent weeks, both LayerX and Symantec have warned of the very real dangers in the extensions installed by hundreds of millions of users from official stores.

ForbesSamsung Confirms New AI Upgrade To Beat iPhone And PixelBy Zak Doffman

Now we have more of the same. Koi Security has just warned users to delete a list of 18 extensions if they’re installed on their devices, extensions that present a real and present threat to those users and which have been installed millions of times.

“If you think a Chrome extension with Google’s verified badge, 100,000+ installs, 800+ reviews, and featured placement on the store is trustworthy? Think again,” the team says, Once again, these dangerous add-ons “perfectly demonstrate how sophisticated threat actors are exploiting the trust signals we rely on.”

The extensions, Koi says, “masquerade as popular productivity and entertainment tools across diverse categories: emoji keyboards, weather forecasts, video speed controllers, VPN proxies for Discord and TikTok, dark themes, volume boosters, and YouTube unblockers.” The type of trivial functionality that is catnip to users.

The team says each extension “provides legitimate functionality while secretly implementing the same browser surveillance and hijacking capabilities we discovered in the color picker.” It’s the common ecosystem and code base that has enabled other security teams to unpick networks of dangerous extensions in the past.

And again, some of these extensions “have achieved verified status or featured placement across both the Chrome Web Store and Microsoft Edge Add-ons store, demonstrating that security failures extend across both major browser marketplaces.”

ForbesGoogle’s Android Upgrade—1 Billion Users Need A New PhoneBy Zak Doffman

The software is controlled through external command and control servers, each with a unique subdomain. But while this gives “the appearance of separate operators,” they are “actually part of the same centralized attack infrastructure.”

Koi’s team says “immediate action is required” by affected users:

1. “Remove all affected extensions immediately from Chrome and Edge
2. Clear your browser data to remove stored tracking identifiers
3. Run a full system malware scan to check for additional infections
4. Monitor your accounts for any suspicious activity if you visited sensitive sites
5. Review all installed extensions for similar suspicious behavior.”

The list of identified extensions is as follows:

Google Chrome:

• kgmeffmlnkfnjpgmdndccklfigfhajen — [Emoji keyboard online — copy&past your emoji.]
• dpdibkjjgbaadnnjhkmmnenkmbnhpobj — [Free Weather Forecast]
• gaiceihehajjahakcglkhmdbbdclbnlf — [Video Speed Controller — Video manager]
• mlgbkfnjdmaoldgagamcnommbbnhfnhf — [Unlock Discord — VPN Proxy to Unblock Discord Anywhere]
• eckokfcjbjbgjifpcbdmengnabecdakp — [Dark Theme — Dark Reader for Chrome]
• mgbhdehiapbjamfgekfpebmhmnmcmemg — [Volume Max — Ultimate Sound Booster]
• cbajickflblmpjodnjoldpiicfmecmif — [Unblock TikTok — Seamless Access with One-Click Proxy]
• pdbfcnhlobhoahcamoefbfodpmklgmjm — [Unlock YouTube VPN]
• eokjikchkppnkdipbiggnmlkahcdkikp — [Color Picker, Eyedropper — Geco colorpick]
• ihbiedpeaicgipncdnnkikeehnjiddck — [Weather]

ForbesIf You Get This Message, An App On Your Phone Is Spying On YouBy Zak Doffman

Microsoft Edge:

• jjdajogomggcjifnjgkpghcijgkbcjdi — [Unlock TikTok]
• mmcnmppeeghenglmidpmjkaiamcacmgm — [Volume Booster — Increase your sound]
• ojdkklpgpacpicaobnhankbalkkgaafp — [Web Sound Equalizer]
• lodeighbngipjjedfelnboplhgediclp — [Header Value]
• hkjagicdaogfgdifaklcgajmgefjllmd — [Flash Player — games emulator]
• gflkbgebojohihfnnplhbdakoipdbpdm — [Youtube Unblocked]
• kpilmncnoafddjpnbhepaiilgkdcieaf — [SearchGPT — ChatGPT for Search Engine]
• caibdnkmpnjhjdfnomfhijhmebigcelo — [Unlock Discord]

Some of these extensions have been removed from stories, but at the time of publishing, Koi reports many are still available. Check your own extensions against the list.