An estimated 37 million worldwide installations of a clutch of leaky Chrome extensions are transmitting users’ browsing histories to external servers. According to findings by an independent security researcher using the pseudonym “Q Continuum,” a total of 287 extensions sent data that closely matched the URLs visited during simulated browsing sessions. “The actors behind the leaks span the spectrum: Similarweb, Curly Doggo, Offidocs, Chinese actors, many smaller obscure data-brokers, and a mysterious ‘Big Star Labs’ that appears to be an extended arm of Similarweb,” the researcher said. To conduct the analysis, the researcher built an automated pipeline that launched Chrome instances, insta...