'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
uk Technology & digital loss unknown browser extension • mystery browser add-on • extension appeared by itself • cannot remove extension • remove button greyed out • extension locked • installed by policy • installed by enterprise policy • managed by your organisation • browser hijacker extension • suspicious chrome extension • suspicious edge extension • firefox add-on won’t uninstall • safari extension you didn’t install • browser settings changed • redirects in browser • popups after installing extension • extension keeps coming back • unwanted toolbar extension • browser malware signs What to do if…
What to do if…
an unknown browser extension appears and you cannot remove it normally
Short answer
Assume it’s unsafe: stop using that browser profile for sensitive logins, then remove control (scan + remove the re-installer + reset or replace the browser profile) rather than repeatedly trying the normal Remove button.
Do not do these things
- Don’t sign in to banking, email, NHS/benefits, or work systems in the affected browser/profile.
- Don’t follow pop-ups offering a “cleanup” download or a phone number for “support”.
- Don’t install random “extension remover / cleanup” tools you find via ads or redirects.
- Don’t paste admin passwords, recovery codes, or card details into the browser while the extension is still present.
- Don’t assume it’s safe because it has a familiar name or icon.
What to do now
- Stop sensitive use immediately. Close the browser. If you must access key accounts now, use a different device or a different browser/profile you trust.
- Capture quick details. Screenshot (or write down) the extension name, any publisher info shown, and any message like “Installed by policy” or “Managed by your organisation”.
- Check if this is legitimate management. If it’s a work/school device or account, contact your IT/helpdesk and follow their process. If it’s your personal device and it says “managed”, treat that as suspicious until proven otherwise.
- Try the built-in browser recovery route (often helps).
- Chrome: Use Reset settings (restore settings to original defaults). If the problem persists, create a fresh Chrome profile (new user) and stop using the old one.
- Firefox: Use Mozilla’s steps for an add-on that cannot be removed (this can happen with policy-locked extensions).
- Safari (Mac): In Safari Settings > Extensions, uninstall anything you didn’t choose.
- Remove what’s forcing it to come back. Check your installed apps/programs list for anything new or unfamiliar around when this started (especially “coupon”, “search”, “PDF”, “assistant”, “video”, “security”). Uninstall suspicious items and restart.
- Run a deep malware scan.
- Windows: Run a full scan with Windows Security, then run Microsoft Defender Offline scan if you can.
- macOS: Update macOS, then scan using reputable security software you already have (or get trusted help). If you see device management/profiles you don’t recognise, pause and get help before removing them.
- Secure accounts from a clean place if exposure is possible. From a different device (or a fresh browser profile), change your email password first, then financial accounts. Turn on 2-step verification where you can.
- Report if it involved a scam, phishing, or losses.
- If you clicked a suspicious link or downloaded something from a message, report it via the UK phishing reporting service (forward suspicious emails to report@phishing.gov.uk).
- If money was lost or accounts were taken over, report to Report Fraud (the UK reporting service for cyber crime and fraud).
What can wait
- You do not need to identify the exact malware family or “who did it” today.
- You do not need to wipe the whole computer as a first move if reset + uninstall + scan removes the persistence.
- You do not need to contact every service you use right now — prioritise email + financial first.
Important reassurance
An extension that won’t remove is often just the visible symptom. The effective pattern is: stop sensitive use → record clues (“managed/policy”) → remove the re-installer app/policy → deep scan → then secure key accounts from a clean environment.
Scope note
These are first steps to stabilise and prevent irreversible mistakes. If the extension returns after a reset/new profile plus uninstalling suspicious apps and running an offline-capable scan, hands-on help is appropriate.
Important note
This is general information, not legal or professional advice. On work/school-managed devices, follow your organisation’s IT/security process. If you’re unsure about removing device management settings/profiles, pause and get qualified help to avoid breaking access or losing data.
Additional Resources
- https://support.google.com/chrome_webstore/answer/2664769?hl=en-GB
- https://support.google.com/chrome/answer/3296214?hl=en-GB
- https://support.mozilla.org/en-US/kb/cannot-remove-add-on-extension-or-theme
- https://support.apple.com/en-gb/102343
- https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-offline
- https://www.gov.uk/report-suspicious-emails-websites-phishing
- https://www.reportfraud.police.uk/