<ul data-eligibleForWebStory="false"><li>Browser extensions installed on nearly 1 million devices have been found to override key security protections, turning browsers into website-scraping bots for a paid service.</li><li>These 245 extensions available for Chrome, Firefox, and Edge have amassed almost 909 million downloads, offering various functions while all incorporating the MellowTel-js JavaScript library, facilitating monetization.</li><li>The use of these extensions to scrape websites on behalf of paying customers, including advertisers, has raised concerns about privacy erosion, potential vulnerabilities to attacks like cross-site scripting, and the lack of end-user visibility into the websites being accessed.</li><li>Despite claims by MellowTel's founder regarding revenue sharing and data collection practices, security researcher John Tuckner highlighted the risks posed by these extensions, drawing parallels to similar malicious practices uncovered in the past.</li></ul>

Browser extensions turn nearly 1 million browsers into website-scraping bots

Discover more