Tag: browser extensions
25 articles
Crypto Wallets Expose Users to Cross-Site Tracking Risks
Researchers at KU Leuven have uncovered a concerning vulnerability in popular crypto wallets, finding that they can leak user data, allowing for cross-site tracking and linking of separate addresses. This issue affects around 35 million users of 85 widely-used browser-extension wallets.

Microsoft Disrupts StegoAd Malware Operation in Edge Extensions
Microsoft cracked down on a sneaky malware operation called StegoAd, which had infected up to 2.6 million installs across 119 Edge extensions with hidden code that lay dormant for days before stealing credentials and committing ad fraud. The cleverly concealed code was tucked away in ordinary image and font files, making it a challenge to detect.

Chrome Extensions Exploit User Data for Adware, Fake Traffic
Beware of Chrome extensions that seem too good to be true: 152 fake live wallpaper and new-tab add-ons have been downloaded around 105,000 times and are secretly spreading adware and fake traffic. These malicious extensions, masquerading as popular themes, have been hiding in plain sight on the Chrome Web Store.

Managing Shadow AI Tools Requires a Proactive Security Approach
Employees are now using three to five AI tools daily, outpacing the controls in place to manage them, and creating a growing security gap that's hard to ignore. This surge in shadow AI tools is fueled by three key areas: OAuth connections, browser extensions, and bundled AI.

Malicious Chrome Extensions Infiltrate Web Store, Compromise User Data
Malicious Chrome extensions, masquerading as harmless tools, have infiltrated the official Web Store, putting millions of users' data at risk by stealing sensitive tokens, planting backdoors, and running ad fraud. Over 100 of these rogue add-ons have been identified, highlighting a growing threat in a marketplace we thought was safe.

Browser Extensions Emerge as Unchecked AI Security Risk
Did you know that the biggest AI security risk to your organization might be hiding in plain sight - in the browser extensions used by every employee, quietly evading your existing security protections? A recent report from LayerX reveals the shocking truth about this largely overlooked threat.

ShadyPanda Stunning Scheme Damages 4.3M Chrome & Edge
Think twice before clicking Add to Chrome—a sprawling campaign called ShadyPanda used dozens of seemingly helpful browser extensions to secretly siphon data from an estimated 4.3 million Chrome and Edge users. By cloning listings and routing telemetry to shared command-and-control endpoints, attackers turned legit marketplaces into a stealth distribution network that slipped past detection.

WhatsApp Web automation: Risky Must-Have Threat
What looked like handy WhatsApp Web productivity add-ons were actually 131 cloned Chrome extensions hijacked to blast spam across Brazil, reaching about 20,900 users before takedown. Socket’s investigation is a wake-up call—check extension reputations, limit permissions, and treat browser add-ons with the same caution you’d give any app that touches your messages.

browser-based attacks: Critical Must-Have Defenses
We’ve hardened email — it’s time to treat browsers as the frontline: discover the six browser-based attacks every security team must prioritize now and the practical defenses to keep users, credentials, and networks safe.

FreeVPNOne Risky VPN: Exclusive Screenshot Threat
A popular Chrome VPN extension, FreeVPN.One, was found secretly taking screenshots of users’ browsing and sending them off‑device — and it was still listed in the Chrome Web Store. Check your extensions, review permissions, and prefer system‑level VPNs for truly private browsing.

PromptFix attacks: Must-Have Defenses vs Risky Threats
Researchers warn of a new PromptFix attack that hijacks the prompts and data feeding agentic AIs, letting attackers steer, confuse, or corrupt assistants without touching the underlying models. As these agents enter everyday tools, layered protections like provenance checks, least‑privilege actions, and better monitoring are essential to keep them safe.

DOM-based extension clickjacking: Stunning Risky Threat
Think your browser’s password-manager icon is a safe guardian? New research shows a clever DOM-based clickjacking trick can coerce popular extensions into spilling passwords, 2FA codes and card details— a wake-up call for users, developers and browser vendors to tighten UI isolation and patch quickly.

VPN extension Risky: Stunning Privacy Betrayal
Thought your VPN extension kept you private? Researchers found a popular Chrome add-on quietly turned into spyware, exfiltrating browsing data—time to audit your extensions and stick with reputable, audited tools.

Researchers Expose 18 Malicious Chrome and Edge Extensions
Think your browser extensions are all safe? Think again—researchers just uncovered 18 sneaky Chrome and Edge add-ons hiding in plain sight, putting your privacy and security at serious risk.

Widespread Browser Hijacking Affects 2.3 Million Chrome and Edge Users
Widespread browser hijacking impacts 2.3 million Chrome and Edge users, compromising security and altering user settings. Protect your browsing now!

18 Deceptive Chrome and Edge Extensions Uncovered by Researchers
Discover 18 deceptive Chrome and Edge extensions identified by researchers that pose security risks and compromise user privacy. Stay informed!

Dangerous Chrome Extensions Discovered on Web Store with 1.7 Million Installs
“Discover dangerous Chrome extensions found on the Web Store, impacting 1.7 million users. Learn how to protect your data and browse safely.”

Scrubbing Your Browser: How to Remove Ad Tech’s Traces
Learn how to effectively scrub your browser and eliminate traces of ad tech for a cleaner, more private browsing experience.

Malicious Browser Extensions Target Over 700 Latin American Users Since Early 2025
Since early 2025, malicious browser extensions compromised privacy by targeting 700+ Latin American users, triggering urgent security alerts.

Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
Chrome extensions mimicking Fortinet, YouTube, and VPNs steal data. Beware of fake plugins and secure your browser to protect sensitive info.

New ‘Chihuahua’ Infostealer Targets Browser Data and Crypto Wallet Extensions
New ‘Chihuahua’ Infostealer targets browser data and crypto wallet extensions, exposing users to digital asset theft and compromised online security.

New Report: Most Browser Extensions Threaten User Security
A recent report reveals that most browser extensions jeopardize user security. Learn about the threats and protect your online privacy today.
Popular Chrome Extensions with 6 Million Installs Found to Contain Hidden Tracking Code
Discover how popular Chrome extensions with 6 million installs were found to contain hidden tracking code, raising privacy concerns for users.

New Malicious PyPI Package Exploits MEXC Trading API to Hijack Credentials and Orders
New malicious PyPI package targets MEXC Trading API, hijacking user credentials and orders, posing serious security risks for traders.