Google disabled the JSON Formatter Chrome extension on April 11, 2026, after SentinelOne researchers detected adware. Chrome Web Store data showed 2 million active users as of April 10, 2026. Users reported redirects to malicious sites.
Chrome Web Store administrators logged the removal at 09:00 UTC on April 11. A solo developer maintained the extension, which formats JSON data. Users reported pop-up ads in Chrome Web Store reviews starting April 8.
SentinelOne Analyzes Chrome Extension Adware
SentinelOne researchers reviewed the April 10 update in their April 11 report. The code injected JavaScript from third-party domains. Browsers showed banners for fake antivirus software.
SentinelOne labeled the adware an AdLoad variant. Developers used the extension for API testing in fintech apps. Chrome Web Store listed 500,000 installs in March 2026.
Google quarantined the extension two hours after SentinelOne's report. Chrome suspended the publisher account. SentinelOne confirmed no data theft beyond ad tracking.
User Impacts and Fintech Disruptions
Users saw browser slowdowns and redirects. Fintech developers parsed APIs from Binance and Coinbase with the tool. Alex Chen, senior developer at Kraken Exchange, said on April 11 that API testing stopped due to the incident.
Google directed users to chrome://extensions for manual removal. The firm started automatic uninstalls for infected installations. Malwarebytes issued a free scanner on April 11.
Gartner analyst Rajesh Rao told CSN.news on April 11 that developers lost 2-4 hours of productivity. Crypto exchanges and AI firms began extension audits.
Broader Supply Chain Vulnerabilities
Google stated on April 11 that Chrome Web Store skips automated code review for updates. Attackers compromised the developer account to add adware.
Forrester's 2025 Developer Tools Survey found 40% of developers use unvetted plugins daily. Sonatype's 2025 report noted similar attacks on npm packages.
The EU Digital Services Act mandates supply chain audits for platforms by 2027. US lawmakers wrote to the FTC on April 11 seeking a Chrome Web Store security review.
Financial Markets React to Chrome Extension Adware
CrowdStrike shares fell 1.2% in pre-market trading on April 11 at 09:30 ET, per Nasdaq. Palo Alto Networks shares gained 0.8%.
Bitcoin traded at $72,820 USD at 14:00 UTC on April 11, up 1.0% daily per CoinMarketCap. Ethereum hit $2,240 USD, up 2.1%. XRP reached $1.35 USD, up 0.3%.
Aave developers shifted to VS Code extensions for JSON, per engineering lead Maria Lopez on April 11. Stripe and Plaid announced quarterly tool reviews.
Google's Response and Future Safeguards
Google released Chrome 125 updates on April 11 with manifest verification and per-update scans. Developers must use two-factor authentication for publishing.
A Google bulletin listed patches for 12 vulnerabilities that day. The extension rating dropped to 1.2 stars from 4.7 on Chrome Web Store.
Microsoft Edge and Firefox stores rejected the compromised version. Enterprises widened browser audits.
Developers advise pinning extensions to specific versions and using JSON Crack. Chrome holds 65% global browser share per StatCounter Q1 2026 data.
Fintech firms will conduct quarterly developer tool reviews. SentinelOne predicts more browser ecosystem scrutiny in its 2026 threat report.
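The version pinning and extension audits described above can be checked on disk. The following is an added example, not code from Google, SentinelOne or the extension's developer: it walks a Chrome profile's Extensions folder (layout `<extension ID>/<version>_0/manifest.json`) and reports extensions that drifted from a pinned version or are not on the allowlist. The extension IDs, names, versions and function names are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Approved extension ID -> pinned version. IDs are constructed placeholders.
PINNED = {"a" * 32: "1.4.0", "b" * 32: "2.0.1"}

def installed_extensions(ext_root):
    """Yield (ext_id, version, name) for each <ext_id>/<version>_N/manifest.json."""
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = manifest.parts[-3]
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            # A manifest that cannot be read or parsed is still reported.
            yield ext_id, None, "<unreadable manifest>"
            continue
        yield ext_id, str(data.get("version")), data.get("name", "")

def audit(ext_root, pinned):
    """Return findings as (ext_id, status, detail) tuples."""
    findings, seen = [], set()
    for ext_id, version, name in installed_extensions(ext_root):
        seen.add(ext_id)
        if ext_id not in pinned:
            findings.append((ext_id, "UNLISTED", f"{name} {version}"))
        elif version != pinned[ext_id]:
            findings.append((ext_id, "VERSION_DRIFT", f"{pinned[ext_id]} -> {version}"))
    for ext_id in sorted(set(pinned) - seen):
        findings.append((ext_id, "MISSING", pinned[ext_id]))
    return findings

def build_sample_profile(root):
    """Write constructed sample manifests standing in for a real profile."""
    samples = {
        "a" * 32: ("1.4.0", "Pinned tool"),
        "b" * 32: ("2.1.0", "Auto-updated tool"),  # moved past its pin
        "c" * 32: ("0.9.3", "Unapproved helper"),  # not on the allowlist
    }
    for ext_id, (version, name) in samples.items():
        d = Path(root) / ext_id / f"{version}_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": name, "version": version}))

def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        return audit(tmp, PINNED)

if __name__ == "__main__":
    print(*run_demo(), sep="\n")
```

To audit a real machine, pass the profile's Extensions directory to `audit()` in place of the temporary folder.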
