Chrome extension
Malicious Chrome extensions with 1.7M installs found on Web Store
Almost a dozen malicious extensions with 1.7 million downloads in Google’s Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. Most of the add-ons provide the advertised functionality and pose as legitimate tools like color pickers, VPNs, volume boosters, and emoji keyboards. Researchers at Koi Security, a company providing a platform […]
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. The extensions offer some of the promised functionality, but also connect to the threat actor’s infrastructure to steal user information or receive […]
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
A proof-of-concept attack called “Cookie-Bite” uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. The attack was devised by Varonis security researchers, who shared a proof-of-concept (PoC) method involving a malicious and a legitimate Chrome […]
Chrome extensions with 6 million installs have hidden tracking code
A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts. These extensions are ‘hidden,’ meaning they don’t show up on Chrome Web Store searches, nor do search engines index them, and can only be installed […]
Malicious Chrome extensions can spoof password managers in new attack
A newly devised “polymorphic” attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. The attack was devised by SquareX Labs, which warns of its practicality and feasibility on the latest version of Chrome. The researchers have responsibly disclosed the attack to Google. […]
New Syncjacking attack hijacks devices using Chrome extensions
A new attack called ‘Browser Syncjacking’ demonstrates the possibility of using a seemingly benign Chrome extension to take over a victim’s device. The new attack method, discovered by security researchers at SquareX, involves several steps, including Google profile hijacking, browser hijacking, and, eventually, device takeover. Despite the multi-stage process, the attack is stealthy, requires minimal permissions, […]
New details reveal how hackers hijacked 35 Google Chrome extensions
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. Although initial reports focused on Cyberhaven’s security-focused extension, subsequent investigations revealed that the same code had been injected into at least 35 extensions collectively used by […]
Cybersecurity firm’s Chrome extension hijacked to steal users’ data
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. One attack was disclosed by Cyberhaven, a data loss prevention company that alerted its customers of a breach on December 24 after a successful phishing attack on an administrator account for the Google Chrome store. […]
Fake Bitwarden ads on Facebook push info-stealing Chrome extension
Fake Bitwarden password manager advertisements on Facebook are pushing a malicious Google Chrome extension that collects and steals sensitive user data from the browser. Bitwarden is a popular password manager app with a “free” tier featuring end-to-end encryption, cross-platform support, MFA integration, and a user-friendly interface. Its user base has been growing steadily in the […]
LastPass warns of fake support centers trying to steal customer data
LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by GeekFeed. LastPass is a popular password […]