Browser Extension
ShadyPanda browser extensions amass 4.3M installs in malicious campaign
A long-running malware operation known as “ShadyPanda” has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. The operation, discovered by Koi Security, unfolded in distinct phases that gradually introduced additional malicious functionality, turning the browser extension from a legitimate tool into spyware. The ShadyPanda campaign consists […]
Mozilla: New Firefox extensions must disclose data collection practices
Starting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties. The devs will be required to disclose any new extension’s data practices in the manifest.json file using a dedicated browser_specific_settings.gecko.data_collection_permissions key beginning November 3, 2025. Mozilla will also require all extension developers to […]
Microsoft Edge to block malicious sideloaded extensions
Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser. Edge enables developers to install extensions locally (also known as sideloading) for testing purposes before publishing them to the Microsoft Edge Add-ons store by toggling the “Developer Mode” option on the Extensions management page and clicking the […]
Mozilla now lets Firefox add-on devs roll back bad updates
Mozilla has announced a new feature that enables Firefox extension developers to roll back to previously approved versions, allowing them to quickly address critical bugs and issues. Once the latest extension version is reverted, users will no longer be able to install it. If automatic updates are enabled, the web browser will also automatically revert […]
Major password managers can leak logins in clickjacking attacks
Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. Threat actors could exploit the security issues when victims visit a malicious page or websites vulnerable to cross-site scripting (XSS) or cache poisoning, where attackers […]
Wave of 150 crypto-draining extensions hits Firefox add-on store
A malicious campaign dubbed ‘GreedyBear’ has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims. The campaign, discovered and documented by Koi Security, impersonates cryptocurrency wallet extensions from well-known platforms such as MetaMask, TronLink, and Rabby. These extensions are uploaded in a benign form […]
Mozilla launches new system to detect Firefox crypto drainer add-ons
Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets. According to a recent blog post, Mozilla’s new security system creates risk profiles for each submitted wallet extension and triggers automated risk alerts if a pre-defined threshold is exceeded. These alerts will prompt human […]
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. The extensions offer some of the promised functionality, but also connect to the threat actor’s infrastructure to steal user information or receive […]
Firefox continues Manifest V2 support as Chrome disables MV2 ad-blockers
Mozilla has renewed its promise to continue supporting Manifest V2 extensions alongside Manifest V3, giving users the freedom to use the extensions they want in their browser. Manifest V3 is a Google-developed browser extension specification aimed at making add-on functionality in web browsers safer by restricting overly permissive network requests and remote content loading. Despite […]
New Syncjacking attack hijacks devices using Chrome extensions
A new attack called ‘Browser Syncjacking’ demonstrates the possibility of using a seemingly benign Chrome extension to take over a victim’s device. The new attack method, discovered by security researchers at SquareX, involves several steps, including Google profile hijacking, browser hijacking, and, eventually, device takeover. Despite the multi-stage process, the attack is stealthy, requires minimal permissions, […]