Worth a MalExt Report? A 2 Million-User Chrome Extension Added Give Freely/Wildlink in a 5-Day Update
A popular Chrome extension with over 2 million users introduced a new component related to Give Freely/Wildlink in a rapid update cycle. This addition enables merchant detection, affiliate attribution, and donation campaigns without requesting new permissions, meaning users received the update automatically. The Give Freely/Wildlink infrastructure appears in multiple unrelated extensions, suggesting it is a white-label monetization or fundraising SDK. There is no evidence of malware, credential theft, or overtly malicious behavior at this time. The main concern is potential transparency and privacy implications due to expanded functionality without explicit user consent.
AI Analysis
Technical Summary
Between versions 1.0.3 and 1.0.4 of the Volume Booster Chrome extension, a new content script related to Give Freely/Wildlink was added. This script supports merchant detection and affiliate attribution, likely for monetization or fundraising purposes. No new Chrome permissions were requested, so existing users received the update silently. The same Give Freely/Wildlink component is found in multiple unrelated extensions, indicating it is distributed as a white-label SDK. There is currently no evidence of malicious activity such as malware or credential theft. The update represents a significant functional expansion that may raise privacy or transparency concerns.
Potential Impact
The extension's update introduces affiliate tracking and donation campaign capabilities without new permission prompts, potentially impacting user privacy and transparency. There is no confirmed malicious activity or exploitation. Users may be unaware of the new data collection and affiliate attribution behaviors introduced by the update.
Mitigation Recommendations
No official patch or remediation is indicated or required as this is not confirmed malware or a vulnerability. Users concerned about privacy or transparency should consider reviewing extension updates carefully and potentially disabling or removing extensions that introduce unexpected functionality. Security teams should monitor for further research or reports regarding this SDK and its privacy implications.
Worth a MalExt Report? A 2 Million-User Chrome Extension Added Give Freely/Wildlink in a 5-Day Update
Description
A popular Chrome extension with over 2 million users introduced a new component related to Give Freely/Wildlink in a rapid update cycle. This addition enables merchant detection, affiliate attribution, and donation campaigns without requesting new permissions, meaning users received the update automatically. The Give Freely/Wildlink infrastructure appears in multiple unrelated extensions, suggesting it is a white-label monetization or fundraising SDK. There is no evidence of malware, credential theft, or overtly malicious behavior at this time. The main concern is potential transparency and privacy implications due to expanded functionality without explicit user consent.
Reddit Discussion
I've been reversing the 2M+ user Volume Booster Chrome extension and found something interesting.
Between v1.0.3 (2025-06-27) and v1.0.4 (2025-07-02), the extension added:
"content_scripts": [{ "matches": ["<all_urls>"], "js": [ "vendor/GiveFreely-content.umd.js", "content-script.js" ] }] The previous version was essentially a small audio booster. The newer version introduces a Give Freely / Wildlink component that appears to support merchant detection, affiliate attribution, and donation campaigns.
No new permissions were added, meaning existing users would have received the update automatically without a new Chrome permission approval prompt.
I've also found the same Give Freely / Wildlink infrastructure in multiple unrelated extensions, which makes me think it's being distributed as a white-label monetization/fundraising SDK.
I'm still investigating and considering whether this is worth adding to MalExt. At this point I don't have evidence of malware, credential theft, or anything overtly malicious just a significant expansion of functionality in a 2M-user extension.
Curious what others think. Is this a transparency/privacy concern, or just a normal extension monetization model? Any opinions or prior research on Give Freely / Wildlink would be appreciated so i can added to malext.io
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Between versions 1.0.3 and 1.0.4 of the Volume Booster Chrome extension, a new content script related to Give Freely/Wildlink was added. This script supports merchant detection and affiliate attribution, likely for monetization or fundraising purposes. No new Chrome permissions were requested, so existing users received the update silently. The same Give Freely/Wildlink component is found in multiple unrelated extensions, indicating it is distributed as a white-label SDK. There is currently no evidence of malicious activity such as malware or credential theft. The update represents a significant functional expansion that may raise privacy or transparency concerns.
Potential Impact
The extension's update introduces affiliate tracking and donation campaign capabilities without new permission prompts, potentially impacting user privacy and transparency. There is no confirmed malicious activity or exploitation. Users may be unaware of the new data collection and affiliate attribution behaviors introduced by the update.
Mitigation Recommendations
No official patch or remediation is indicated or required as this is not confirmed malware or a vulnerability. Users concerned about privacy or transparency should consider reviewing extension updates carefully and potentially disabling or removing extensions that introduce unexpected functionality. Security teams should monitor for further research or reports regarding this SDK and its privacy implications.
Technical Details
- Source Type
- Subreddit
- netsec
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a330872f198dc38c1061477
Added to database: 6/17/2026, 8:49:54 PM
Last enriched: 6/17/2026, 8:49:59 PM
Last updated: 6/17/2026, 10:08:19 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.