Cybersecurity analysts have identified numerous well-known Google Chrome extensions that have been discovered to send data via HTTP and embed secrets within their code, thereby putting users at risk of privacy and security breaches.

“Multiple commonly utilized extensions […] inadvertently send confidential data over unencrypted HTTP,” stated Yuanjing Guo, a security researcher at Symantec’s Security Technology and Response.