Skip to main content

Tag: browser extensions

25 articles

Person sitting at desk with laptop and crypto wallet interface surrounded by multiple monitors in a university setting.

Crypto Wallets Expose Users to Cross-Site Tracking Risks

Researchers at KU Leuven have uncovered a concerning vulnerability in popular crypto wallets, finding that they can leak user data, allowing for cross-site tracking and linking of separate addresses. This issue affects around 35 million users of 85 widely-used browser-extension wallets.

Analyst 207
Browser extension icon on a computer screen with abstract code in the background.

Microsoft Disrupts StegoAd Malware Operation in Edge Extensions

Microsoft cracked down on a sneaky malware operation called StegoAd, which had infected up to 2.6 million installs across 119 Edge extensions with hidden code that lay dormant for days before stealing credentials and committing ad fraud. The cleverly concealed code was tucked away in ordinary image and font files, making it a challenge to detect.

Analyst 207
Google Chrome browser window on a laptop with blurred extensions page and cityscape outside.

Chrome Extensions Exploit User Data for Adware, Fake Traffic

Beware of Chrome extensions that seem too good to be true: 152 fake live wallpaper and new-tab add-ons have been downloaded around 105,000 times and are secretly spreading adware and fake traffic. These malicious extensions, masquerading as popular themes, have been hiding in plain sight on the Chrome Web Store.

Analyst 207
Employees work at desks with laptops and smartphones, surrounded by papers and office supplies, with blurred software…

Managing Shadow AI Tools Requires a Proactive Security Approach

Employees are now using three to five AI tools daily, outpacing the controls in place to manage them, and creating a growing security gap that's hard to ignore. This surge in shadow AI tools is fueled by three key areas: OAuth connections, browser extensions, and bundled AI.

Analyst 207
Shadowy figure lurks near glowing laptop and smartphone screens in a dark setting.

Malicious Chrome Extensions Infiltrate Web Store, Compromise User Data

Malicious Chrome extensions, masquerading as harmless tools, have infiltrated the official Web Store, putting millions of users' data at risk by stealing sensitive tokens, planting backdoors, and running ad fraud. Over 100 of these rogue add-ons have been identified, highlighting a growing threat in a marketplace we thought was safe.

Analyst 207
Person sitting at laptop with cityscape on screen, scissors on desk, and web-like grid pattern overlaying the display.

Browser Extensions Emerge as Unchecked AI Security Risk

Did you know that the biggest AI security risk to your organization might be hiding in plain sight - in the browser extensions used by every employee, quietly evading your existing security protections? A recent report from LayerX reveals the shocking truth about this largely overlooked threat.

Analyst 207
ShadyPanda Stunning Scheme Damages 4.3M Chrome & Edge

ShadyPanda Stunning Scheme Damages 4.3M Chrome & Edge

Think twice before clicking Add to Chrome—a sprawling campaign called ShadyPanda used dozens of seemingly helpful browser extensions to secretly siphon data from an estimated 4.3 million Chrome and Edge users. By cloning listings and routing telemetry to shared command-and-control endpoints, attackers turned legit marketplaces into a stealth distribution network that slipped past detection.

Analyst 207
WhatsApp Web automation: Risky Must-Have Threat

WhatsApp Web automation: Risky Must-Have Threat

What looked like handy WhatsApp Web productivity add-ons were actually 131 cloned Chrome extensions hijacked to blast spam across Brazil, reaching about 20,900 users before takedown. Socket’s investigation is a wake-up call—check extension reputations, limit permissions, and treat browser add-ons with the same caution you’d give any app that touches your messages.

Analyst 207
browser-based attacks: Critical Must-Have Defenses

browser-based attacks: Critical Must-Have Defenses

We’ve hardened email — it’s time to treat browsers as the frontline: discover the six browser-based attacks every security team must prioritize now and the practical defenses to keep users, credentials, and networks safe.

Analyst 207
FreeVPNOne Risky VPN: Exclusive Screenshot Threat

FreeVPNOne Risky VPN: Exclusive Screenshot Threat

A popular Chrome VPN extension, FreeVPN.One, was found secretly taking screenshots of users’ browsing and sending them off‑device — and it was still listed in the Chrome Web Store. Check your extensions, review permissions, and prefer system‑level VPNs for truly private browsing.

Analyst 207
PromptFix attacks: Must-Have Defenses vs Risky Threats

PromptFix attacks: Must-Have Defenses vs Risky Threats

Researchers warn of a new PromptFix attack that hijacks the prompts and data feeding agentic AIs, letting attackers steer, confuse, or corrupt assistants without touching the underlying models. As these agents enter everyday tools, layered protections like provenance checks, least‑privilege actions, and better monitoring are essential to keep them safe.

Analyst 207
DOM-based extension clickjacking: Stunning Risky Threat

DOM-based extension clickjacking: Stunning Risky Threat

Think your browser’s password-manager icon is a safe guardian? New research shows a clever DOM-based clickjacking trick can coerce popular extensions into spilling passwords, 2FA codes and card details— a wake-up call for users, developers and browser vendors to tighten UI isolation and patch quickly.

Analyst 207
VPN extension Risky: Stunning Privacy Betrayal

VPN extension Risky: Stunning Privacy Betrayal

Thought your VPN extension kept you private? Researchers found a popular Chrome add-on quietly turned into spyware, exfiltrating browsing data—time to audit your extensions and stick with reputable, audited tools.

Analyst 207
Researchers Expose 18 Malicious Chrome and Edge Extensions

Researchers Expose 18 Malicious Chrome and Edge Extensions

Think your browser extensions are all safe? Think again—researchers just uncovered 18 sneaky Chrome and Edge add-ons hiding in plain sight, putting your privacy and security at serious risk.

Analyst 207
Widespread Browser Hijacking Affects 2.3 Million Chrome and Edge Users

Widespread Browser Hijacking Affects 2.3 Million Chrome and Edge Users

Widespread browser hijacking impacts 2.3 million Chrome and Edge users, compromising security and altering user settings. Protect your browsing now!

Analyst 207
18 Deceptive Chrome and Edge Extensions Uncovered by Researchers

18 Deceptive Chrome and Edge Extensions Uncovered by Researchers

Discover 18 deceptive Chrome and Edge extensions identified by researchers that pose security risks and compromise user privacy. Stay informed!

Analyst 207
Dangerous Chrome Extensions Discovered on Web Store with 1.7 Million Installs

Dangerous Chrome Extensions Discovered on Web Store with 1.7 Million Installs

“Discover dangerous Chrome extensions found on the Web Store, impacting 1.7 million users. Learn how to protect your data and browse safely.”

Analyst 207
Scrubbing Your Browser: How to Remove Ad Tech’s Traces

Scrubbing Your Browser: How to Remove Ad Tech’s Traces

Learn how to effectively scrub your browser and eliminate traces of ad tech for a cleaner, more private browsing experience.

Analyst 207
Malicious Browser Extensions Target Over 700 Latin American Users Since Early 2025

Malicious Browser Extensions Target Over 700 Latin American Users Since Early 2025

Since early 2025, malicious browser extensions compromised privacy by targeting 700+ Latin American users, triggering urgent security alerts.

Analyst 207
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

Chrome extensions mimicking Fortinet, YouTube, and VPNs steal data. Beware of fake plugins and secure your browser to protect sensitive info.

Analyst 207
New ‘Chihuahua’ Infostealer Targets Browser Data and Crypto Wallet Extensions

New ‘Chihuahua’ Infostealer Targets Browser Data and Crypto Wallet Extensions

New ‘Chihuahua’ Infostealer targets browser data and crypto wallet extensions, exposing users to digital asset theft and compromised online security.

Analyst 207
New Report: Most Browser Extensions Threaten User Security

New Report: Most Browser Extensions Threaten User Security

A recent report reveals that most browser extensions jeopardize user security. Learn about the threats and protect your online privacy today.

Analyst 207
Popular Chrome Extensions with 6 Million Installs Found to Contain Hidden Tracking Code

Popular Chrome Extensions with 6 Million Installs Found to Contain Hidden Tracking Code

Discover how popular Chrome extensions with 6 million installs were found to contain hidden tracking code, raising privacy concerns for users.

Analyst 207
New Malicious PyPI Package Exploits MEXC Trading API to Hijack Credentials and Orders

New Malicious PyPI Package Exploits MEXC Trading API to Hijack Credentials and Orders

New malicious PyPI package targets MEXC Trading API, hijacking user credentials and orders, posing serious security risks for traders.

Analyst 207