cross-posted from: https://lemmus.org/post/20110843

  • We built an automated scanning pipeline that runs Chrome inside a Docker container, routes all traffic through a man‑in‑the‑middle (MITM) proxy, and watches for outbound requests that correlate with the length of the URLs we feed it.
  • Using a leakage metric we flagged 287 Chrome extensions that exfiltrate browsing history.
  • Those extensions collectively have ~37.4 M installations – roughly 1 % of the global Chrome user base.
  • The actors behind the leaks span the spectrum: Similarweb, Curly Doggo, Offidocs, Chinese actors, many smaller obscure data‑brokers, and a mysterious “Big Star Labs” that appears to be an extended arm of Similarweb.
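
The check in the first bullet, outbound request size that tracks the length of the URL fed to the browser, sketched as an added example; it is not the researchers' pipeline or their leakage metric. The host names, byte counts and thresholds (`min_slope`, `min_r`, `min_samples`) are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean

# Constructed proxy observations: (destination host, visited-URL length, request bytes sent).
# The same four synthetic URL lengths are replayed against every extension under test.
OBSERVATIONS = [
    ("collector.example", 50, 367), ("update.example", 50, 410), ("cdn.example", 50, 380),
    ("collector.example", 200, 567), ("update.example", 200, 415), ("cdn.example", 200, 380),
    ("collector.example", 800, 1367), ("update.example", 800, 408), ("cdn.example", 800, 380),
    ("collector.example", 3200, 4567), ("update.example", 3200, 412), ("cdn.example", 3200, 380),
    ("ads.example", 50, 900), ("ads.example", 3200, 5100),  # too few samples to judge
]

def fit(points):
    """Least-squares slope and Pearson r of bytes sent against URL length."""
    xs = [x for x, _ in points]
    ys = [y for _, y in points]
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    sxy = sum((x - mx) * (y - my) for x, y in points)
    if sxx == 0 or syy == 0:      # constant traffic: nothing scales with the URL
        return 0.0, 0.0
    return sxy / sxx, sxy / (sxx * syy) ** 0.5

def flag_leaky_hosts(observations, min_slope=0.5, min_r=0.9, min_samples=4):
    """Return {host: (slope, r)} for hosts whose request size grows with URL length."""
    by_host = defaultdict(list)
    for host, url_len, sent in observations:
        by_host[host].append((url_len, sent))
    flagged = {}
    for host, points in by_host.items():
        if len(points) < min_samples:
            continue              # a two-point fit always correlates perfectly
        slope, r = fit(points)
        # Slope near 1 suggests the raw URL is in the request; about 1.33 suggests Base64.
        if slope >= min_slope and r >= min_r:
            flagged[host] = (round(slope, 2), round(r, 3))
    return flagged

if __name__ == "__main__":
    for host, (slope, r) in flag_leaky_hosts(OBSERVATIONS).items():
        print(f"{host}: {slope} bytes per URL character, r={r}")
```

A flagged host is a lead for manual review of the captured request bodies, not proof of exfiltration on its own.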