Browser Extensions That Spy on Your Kids: What to Audit and What to Remove
Malicious browser extensions can steal passwords, track browsing, and hijack search results — and kids install them constantly. Here's how to audit every extension on your family's computers.
Your 11-year-old installed a “free Robux generator” Chrome extension six months ago. It didn’t generate any Robux — but it has been reading every webpage they visit, capturing form inputs including passwords, and sending usage data to a server in Eastern Europe. The extension has 40,000 users and a 4.2-star rating on the Chrome Web Store.
This is not a hypothetical. In 2023, Google removed 32 extensions from the Chrome Web Store after researchers discovered they were collectively collecting data from over 75 million users. Most of them were disguised as productivity tools, VPNs, or gaming utilities — exactly the kind of thing kids install without thinking.
Key Takeaways
- Browser extensions can read everything on every webpage you visit — they require explicit permission to do this, but many kids click “Allow” without reading.
- Malicious extensions commonly disguise themselves as games, ad blockers, Roblox tools, homework helpers, and free VPNs.
- The Chrome Web Store, Firefox Add-ons, and Edge Add-ons stores do not guarantee extension safety — malicious extensions routinely pass their review.
- An extension audit takes 10 minutes and should happen every 3 months on any computer your child uses.
- Three categories of extensions should never be installed on family computers: game cheats, “free” cryptocurrency tools, and unofficial versions of popular apps.
How Browser Extensions Work (And Why They’re Dangerous)
When you install a Chrome or Firefox extension, it requests permissions during installation. The permissions you’re granting are significant:
| Permission | What It Lets the Extension Do |
|---|---|
| “Read and change all your data on all websites” | See everything you type and read on every site |
| “Manage your downloads” | Control what you download |
| “Read your browsing history” | See every URL you’ve visited |
| “Access clipboard” | Read anything you’ve copied |
| “Access your location” | Know where you are |
Most extensions request “read and change all your data on all websites” — the broadest possible permission. When kids click “Add Extension” on something that promises free in-game currency or the ability to customize YouTube, they’re granting an unknown developer the ability to read every password field, banking page, and private message they visit.
How Malicious Extensions Operate
The Legitimate-Then-Malicious Pattern
Many malicious extensions start legitimate. A developer builds a useful tool, builds up a user base, then sells the extension to a malicious party. The new owner pushes a silent update that adds data collection. The extension still works — but it’s now doing something else too.
Fake Popular Extensions
Malicious extensions often mimic popular legitimate ones: “AdBlock Pro” vs. the real “uBlock Origin”; “Dark Mode for YouTube” vs. dozens of alternatives. A slight name variation is enough to fool someone who isn’t paying close attention.
Permission Escalation Over Time
Some extensions start with minimal permissions, build trust, then push an update requesting additional permissions. The browser shows a small notification, which most users dismiss automatically.
How to Conduct a Family Extension Audit
Chrome Audit (15 minutes)
- Open Chrome → type chrome://extensions in the address bar
- Review every extension listed. For each one:
  - Do you recognize it and remember installing it?
  - Click “Details” and review what permissions it has
  - If it has “Read and change all your data on all websites” — does it actually need that?
- Remove any extension you don’t recognize or actively use
- After the audit, disable extensions you rarely use (toggle switch) rather than removing them if you’re unsure
Quick red flags to remove immediately:
- Anything with “free” + Robux, V-Bucks, or other game currency in the name
- “VPN” extensions that are free with no clear business model
- Extensions that promise to unlock or bypass content
- Anything downloaded from a link in a YouTube video comment or Discord server
Firefox Audit
Open Firefox → Menu (three lines) → Add-ons and Themes → Extensions. Same process as Chrome.
Edge Audit
Open Edge → edge://extensions/. Same process.
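The same permission review can be run against the files Chrome keeps on disk, which helps when there are several computers to check. This is an added example, not part of the original article: it assumes Chrome's usual layout of one `manifest.json` per installed extension under the profile's Extensions folder, and the sample extension it builds is constructed.

```python
import json
import tempfile
from pathlib import Path

# Host patterns behind "Read and change all your data on all websites".
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions behind the other rows of the permission table.
SENSITIVE = {"history": "browsing history", "tabs": "browsing history",
             "downloads": "downloads", "clipboardRead": "clipboard",
             "geolocation": "location"}

def audit_manifest(manifest: dict) -> list:
    """Return the reasons a manifest deserves a closer look (empty = none found)."""
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    hosts = set(perms) | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    reasons = ["all websites"] if hosts & BROAD_HOSTS else []
    return reasons + sorted({SENSITIVE[p] for p in perms if p in SENSITIVE})

def audit_profile(extensions_dir: Path) -> dict:
    """Map 'id (name version)' to reasons for each <id>/<version>/manifest.json."""
    report = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        ext_id = path.parts[-3]
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report[f"{ext_id} (unreadable manifest)"] = ["inspect by hand"]
            continue
        # The name may be a "__MSG_...__" placeholder; the ID is the stable handle.
        label = f"{ext_id} ({manifest.get('name', '?')} {manifest.get('version', '?')})"
        report[label] = audit_manifest(manifest)
    return report

if __name__ == "__main__":
    # Constructed sample tree. On a real machine, pass the profile's Extensions
    # folder instead (for example ~/.config/google-chrome/Default/Extensions on Linux).
    with tempfile.TemporaryDirectory() as tmp:
        ext = Path(tmp, "a" * 32, "1.0_0")
        ext.mkdir(parents=True)
        (ext / "manifest.json").write_text(json.dumps(
            {"name": "Free Coins Helper", "version": "1.0", "manifest_version": 3,
             "permissions": ["clipboardRead"], "host_permissions": ["<all_urls>"]}))
        for label, reasons in audit_profile(Path(tmp)).items():
            print(label, "->", ", ".join(reasons) or "nothing broad requested")
```

An extension that shows up with “all websites” is not automatically malicious (content blockers need it), but it is the one to check against the “does it actually need that?” question above.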
Where Kids Get Extensions (The Risk Sources)
| Source | Risk Level | Notes |
|---|---|---|
| Chrome Web Store (directly) | Medium | Google reviews but malicious extensions pass |
| Developer’s website (sideloading) | High | No store review at all |
| YouTube tutorial links | Very High | Often custom malicious extensions |
| Discord server links | Very High | Frequently malicious |
| School’s IT-approved list | Low | IT departments vet these |
Extensions That Are Actually Dangerous for Kids
Based on 2023-2024 security research, categories to avoid:
Game-related fakes: “Free Robux,” “V-Bucks Generator,” “Fortnite Hacks,” “Minecraft Cheat” extensions are nearly universally malicious. Legitimate game companies do not distribute through browser extensions.
Fake VPNs: Free VPN extensions have been repeatedly found to sell browsing data, inject ads, and in some cases proxy traffic through compromised devices. If you need a VPN, pay for one from a reputable company.
Unofficial app clones: “Dark Reader for YouTube,” “Better Netflix,” etc. — when the legitimate extension exists, the unofficial versions are suspect.
“Productivity” extensions from unknown developers: Dozens of tab managers, focus tools, and similar extensions have been found data-harvesting.
Extensions That Are Actually Safe and Useful
For family computers, a minimal extension policy is best:
Safe, recommended extensions:
- uBlock Origin (content blocking) — open source, well-audited, legitimate
- Bitwarden (password manager) — open source password management
- Privacy Badger (EFF) — blocks trackers, developed by a trusted nonprofit
- Google Translate (if you need it) — Google’s own extension, well-maintained
Parental Controls for Extensions in Chrome
If your child uses a managed Google account (common in school setups or with Google Family Link), you can restrict extension installation:
- In Google Admin Console or Family Link → Device Management → Chrome → Apps & Extensions
- Set “Allow all apps and extensions except the ones I block” or “Block all apps and extensions except the ones I allow”
- The “allowlist only” approach is the most secure for younger children
For unmanaged Chromebooks or Windows computers, you can’t prevent extension installation through Chrome settings alone — rely on the audit approach and conversations about why it matters.
What to Watch For Over 3 Months
- Month 1 audit: Run the full audit on every computer your child uses. Document what’s installed. Remove anything unrecognized.
- Month 2 check: Any new extensions that weren’t there in month 1? Ask about them.
- Month 3 routine: Make extension review a 5-minute part of a larger monthly “digital hygiene” check alongside password review.
- School year transitions: Beginning of school year is when kids install school-related extensions. Do an audit after the first two weeks of school.
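The Month 2 check and the permission escalation pattern described earlier both come down to comparing what is installed now against what you documented before. The following is an added example, not from the original article, that performs that comparison; the snapshot format and the sample extensions are constructed for illustration.

```python
# Constructed snapshots: extension ID -> name, version and granted permissions.
MONTH_1 = {
    "a" * 32: {"name": "Tab Tidy", "version": "1.2", "permissions": ["storage"]},
    "b" * 32: {"name": "Content Blocker", "version": "4.0",
               "permissions": ["<all_urls>", "storage"]},
}
MONTH_2 = {
    "a" * 32: {"name": "Tab Tidy", "version": "1.3",
               "permissions": ["storage", "<all_urls>", "history"]},
    "b" * 32: {"name": "Content Blocker", "version": "4.1",
               "permissions": ["<all_urls>", "storage"]},
    "c" * 32: {"name": "Game Coins", "version": "0.1", "permissions": ["<all_urls>"]},
}

def diff_inventories(baseline: dict, current: dict) -> dict:
    """Report what changed between two documented extension inventories."""
    findings = {"new": [], "removed": [], "escalated": {}, "updated": []}
    for ext_id in sorted(current):
        now, before = current[ext_id], baseline.get(ext_id)
        if before is None:
            findings["new"].append(ext_id)          # installed since the last audit
            continue
        added = sorted(set(now["permissions"]) - set(before["permissions"]))
        if added:
            findings["escalated"][ext_id] = added   # an update asked for more access
        elif now["version"] != before["version"]:
            findings["updated"].append(ext_id)      # updated, same permissions
    findings["removed"] = sorted(set(baseline) - set(current))
    return findings

if __name__ == "__main__":
    result = diff_inventories(MONTH_1, MONTH_2)
    for ext_id in result["new"]:
        print("NEW, ask about it:", MONTH_2[ext_id]["name"])
    for ext_id, added in result["escalated"].items():
        print("GAINED PERMISSIONS:", MONTH_2[ext_id]["name"], added)
    for ext_id in result["updated"]:
        print("updated, permissions unchanged:", MONTH_2[ext_id]["name"])
```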
Frequently Asked Questions
How do I know if an extension has already stolen data?
You can’t easily detect past data exfiltration from an extension. If you find and remove a suspicious extension, change passwords for any accounts you accessed while it was installed — especially email, school accounts, and any financial accounts.
Are extensions on mobile browsers dangerous too?
Mobile Chrome and Safari don’t support extensions in the same way as desktop browsers. Mobile browsers are significantly more sandboxed. The primary risk is on desktop Chrome, Firefox, and Edge.
My child’s school requires certain extensions. How do I verify they’re safe?
Ask your school’s IT department for the extension IDs (the unique identifier in the Chrome Web Store URL) and look them up in the extension’s Chrome Web Store listing. Check the developer’s name, the number of users, and read the reviews. Extensions from recognized education technology companies (Google, Microsoft, Schoology) are generally safe.
What’s the difference between a browser extension and a plugin?
Browser plugins (like old Flash or Java plugins) are largely obsolete and blocked in modern browsers. Extensions are the modern equivalent and are what we’re discussing here. On mobile, what most people call “plugins” in apps are different from browser extensions.
Sources
- Kaspersky Lab. (2023). Browser Extension Threats in 2023. Securelist.
- Kaspersky Security Research. (2024). How malicious extensions steal data. Kaspersky Blog.
- Cimpanu, C. (2023). Google removes 32 malicious extensions from Chrome Web Store. The Record.
- Electronic Frontier Foundation. (2023). Privacy Badger Overview. EFF.org.
- Felt, A. P., et al. (2012). Permission Re-Delegation: Attacks and Defenses. USENIX Security ’12.
- Jagpal, N., et al. (2015). Trends and Lessons from Three Years Fighting Malicious Extensions. USENIX Security ’15.
Ricky Flores is the founder of HiWave Makers and an electrical engineer with 15+ years of experience building consumer technology at Apple, Samsung, and Texas Instruments. He writes about how kids learn to build, think, and create in a tech-saturated world. Read more at hiwavemakers.com.