If you ever thought your browser extensions were like digital cats—harmless and cozy—think again. It turns out these fuzzy, innocent Chrome extensions are moonlighting as somewhat less ethical data brokers. Who knew your search bar needed secrets to keep warm?

Yes, in a breathtaking display of cybersecurity theatrics, a host of popular Chrome extensions have decided to transmit your personal data via an HTTP highway. Imagine it’s like mailing your credit card info on a postcard with glitter. Everybody loves glitter until they realize it’s forever.

But wait, there’s more! Not only do these extensions send your data like it’s 1995, they also stash hardcoded credentials like a squirrel with a severe nut-hoarding problem. It’s secure as Fort Knox if Fort Knox were made of Jenga blocks.

So while you leaf through your dwindling faith in digital security, remember: these extensions have been brought to you by developers who think ‘HTTPS’ is a luxury and ‘security’ is an optional checkbox right next to ‘dark mode.’