News

Malicious browser extensions caught spying on 2 million users

Attackers have started to exploit the very signals that users assume will keep them safe when it comes to add-ons to improve ...
CSOonline1mon

Chrome extension privacy promises undone by hardcoded secrets, leaky ...

Chrome extensions were spotted leaking sensitive browser data like API keys, secrets, and tokens via unguarded HTTP transmissions and hardcoded spills.
Bleeping Computer3mon

Cookie-Bite attack PoC uses Chrome extension to ... - BleepingComputer

A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain ...
Infosecurity-magazine.com3mon

Chrome Extension Uses AI Engine to Act Without User Input

A group of security researchers at ExtensionTotal has found a suspicious Google Chrome extension that can perform actions without requiring any permission from the user or being spotted by Chrome’s ...
ZDNet1mon

Is that extension safe? This free tool lets you know before you install

Other extensions receive much higher risk scores. Stealthy, a Chrome extension with 100,000 users and 1,600 ratings, earns a risk score of 7.4, while Edge extension Bulk Image Downloader, with ...
Ars Technica3mon

Researcher uncovers dozens of sketchy Chrome extensions with 4 million ...

Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs Even weirder: Why would Google give so many the "Featured" stamp for trustworthiness?
TechCrunch2mon

Google rolls out AI tools to protect Chrome users against scams

Google announced on Thursday that it’s rolling out new AI-powered defenses to help combat scams on Chrome. The tech giant will begin using Gemini Nano, its on-device large language model (LLM ...