How do Chrome extension ownership transfers work?

The Chrome Web Store allows developers to transfer extension ownership with minimal oversight. The new owner can push updates to all existing users immediately. There is no browser-level notification when ownership changes.

What percentage of popular Chrome extensions have changed owners?

A Q2 2024 Google Web Store audit found that 14.7% of extensions with 100K or more users have changed ownership at least once.

What is the AllBlock ownership transfer attack?

AllBlock changed ownership December 14, 2024. Two weeks later the new owner pushed an update that started harvesting clickstream data via a domain registered days before the transfer.

How can users protect themselves from malicious ownership transfers?

Currently the only tool is 'Under New Management' (GitHub, 634 stars), which requires manual periodic checks. Chrome has no native alert system. Users can also restrict extension permissions to specific sites.

← Back to dashboard

clawsmith.com/signal/ext-silent-ownership-transfer-weaponizes-trusted-extensions

⚠ IssueUnderservedbrowser_extensionLive

Trusted Chrome extensions silently change owners and turn malicious with no user warning

When Chrome extension developers sell or transfer their extensions, the new owner can push a malicious update to all existing users with zero notification. The Chrome Web Store has no ownership-continuity hash and no native alert for ownership changes. A March 2024 HN thread on the 'Under New Management' tool (783 pts) revealed that 14.7% of extensions with 100K+ users have changed owners. Real example: AllBlock changed from allblock@proton.me to woof@curlydoggo.com on December 14, 2024 and immediately started harvesting clickstream data. Trust Wallet's December 2025 supply chain attack drained $8.5M from 2,520 wallets via a compromised extension update. A GitHub tool (634 stars) was built specifically to detect owner changes, proving no native solution exists.

Product Idea from this Signal

A browser extension that alerts users when installed extensions change ownership, permissions, or code silently

1.5k ▲

Chrome extensions are routinely acquired after building trust, then repurposed to inject ads, steal credentials, or exfiltrate data. The Web Store shows no ownership-change notice, and users have no way to know a developer they trusted no longer controls the extension. This tool monitors every installed extension's publisher, permissions, and update fingerprint and immediately notifies the user the moment anything changes.

browser securityextension managementprivacyownership monitoringChrome

Competitive156 leadsView Opportunity →

Score Breakdown

821

GitHub

652

Social Proof 2 sources

Detect when your installed Chrome extensions have changed owners

3/6/2024

821 GH

classvsoftware/under-new-management - Detect when your installed extensions have changed owners

gh:classvsoftware · 3/1/2024

652

Existing Solutions 2 competitors

Under New Management634 GitHub stars. User-maintained, no active commercial product.

Chrome extension that alerts users when other installed extensions change their developer/publisher info.

LayerX Enterprise Extension SecurityEnterprise-only, Google Chrome Enterprise integration. Not available to individual users.

Enterprise product that risk-scores Chrome extensions and integrates with Chrome for Enterprise.

Gap Assessment

UnderservedExisting solutions leave gaps

Under New Management (GitHub, 634 stars) alerts on owner changes but is a manual check bandaid, not a proactive defense. LayerX provides enterprise extension risk scoring but is not a consumer product. No tool actively verifies that the entity maintaining your extension today is the same entity that built it.

Frequently Asked Questions

Virality Score

1,473

across 0 platforms

Details

Signalissue

Ecosystembrowser_extension

Sources2

Platforms0

Updated1h ago

Trend→ stable

Top ideas

All ideas →

0A CLI tool that wraps stateful MCP servers and externalizes their session state so they run behind standard round-robin load balancers without sticky routing 0A CLI tool that tails and greps logs across multiple remote hosts in a single TUI without centralized infrastructure 0A browser extension that removes Gemini and all Google AI injections from Chrome across Search, Gmail, Docs, and Drive in one toggle