Browser

Chrome-Extension

Chrome Extension Becomes Malicious After Ownership Transfer, Allowing Code Injection and Data Theft

Cybersecurity researchers have uncovered a troubling case where two Google Chrome extensions became malicious after their ownership changed. The situation highlights a growing security threat in the browser extension ecosystem, where trusted tools can be converted into malware distribution channels. The affected extensions were originally associated with a developer using the email akshayanuonline@gmail.com, linked to the […]

Chrome Extension Becomes Malicious After Ownership Transfer, Allowing Code Injection and Data Theft Read More »

New Chrome Flaw Allows Malicious Extensions to Gain Elevated Access Through Gemini Panel

Cybersecurity researchers have revealed technical details about a recently patched Google Chrome vulnerability that could have enabled malicious browser extensions to escalate privileges and access sensitive system resources. The flaw, identified as CVE-2026-0628 with a CVSS score of 8.8, stemmed from insufficient policy enforcement in Chrome’s WebView tag. Google addressed the issue in early January

New Chrome Flaw Allows Malicious Extensions to Gain Elevated Access Through Gemini Panel Read More »

Google Introduces Merkle Tree Certificates to Support Quantum Resistant HTTPS in Chrome

Google has unveiled a new initiative within its Chrome browser aimed at strengthening HTTPS security against the long term threat of quantum computing. The move represents a significant step toward building a quantum-resistant internet without sacrificing speed or scalability. In a statement from the Chrome Secure Web and Networking Team, Google clarified that it does

Google Introduces Merkle Tree Certificates to Support Quantum Resistant HTTPS in Chrome Read More »

Trojanized Gaming Tools Distribute Java Based RAT Through Browsers and Chat Platforms

Cybersecurity researchers are warning that attackers are disguising malicious software as popular gaming utilities to infect unsuspecting users. The campaign relies on browser downloads and chat platform sharing to deliver a Java based remote access trojan, enabling full control over compromised systems. According to the Microsoft Threat Intelligence team, the infection process begins with a malicious downloader

Trojanized Gaming Tools Distribute Java Based RAT Through Browsers and Chat Platforms Read More »

New Chrome Zero Day CVE-2026-2441 Actively Exploited, Security Patch Released

Google has released critical security updates for its Chrome browser on Friday to fix a high-severity vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2026-2441 with a CVSS score of 8.8, is a use-after-free bug in CSS. Security researcher Shaheen Fazim reported the vulnerability on February 11, 2026, and has been credited for its discovery.

New Chrome Zero Day CVE-2026-2441 Actively Exploited, Security Patch Released Read More »

Malicious Chrome Extensions Exposed for Stealing Business Data, Emails, and Browsing History

Browser extensions are once again under scrutiny after multiple investigations revealed coordinated campaigns abusing Google Chrome add ons to steal business intelligence, authentication codes, emails, and browsing history. Security researchers have identified several malicious extensions impersonating productivity tools, AI assistants, and social media customization plugins. These threats specifically target platforms such as Meta Business Suite, Facebook Business Manager, Google Chrome,

Malicious Chrome Extensions Exposed for Stealing Business Data, Emails, and Browsing History Read More »

Researchers Uncover Chrome Extensions Exploiting Affiliate Links and Stealing ChatGPT Access

Cybersecurity researchers have discovered a cluster of malicious Google Chrome extensions designed to hijack affiliate links, exfiltrate user data, and steal OpenAI ChatGPT authentication tokens. These extensions exploit the trust users place in popular e-commerce and AI-related browser tools to gain persistent access to sensitive information. Amazon Ads Blocker and Affiliate Hijacking One notable extension, Amazon

Researchers Uncover Chrome Extensions Exploiting Affiliate Links and Stealing ChatGPT Access Read More »

CrashFix Chrome Extension Spreads ModeloRAT Using ClickFix Style Browser Crash Lures

Cybersecurity analysts have uncovered an active malware campaign known as KongTuke, where attackers abuse a malicious Google Chrome extension to deliberately crash browsers and deceive users into executing harmful commands. The operation delivers a newly identified remote access trojan called ModeloRAT using a refined social engineering technique similar to ClickFix, now labeled CrashFix. The findings were disclosed by Huntress,

CrashFix Chrome Extension Spreads ModeloRAT Using ClickFix Style Browser Crash Lures Read More »

Five Malicious Chrome Extensions Masquerade as Workday and NetSuite to Hijack Accounts

Cybersecurity researchers have identified five malicious Google Chrome extensions designed to mimic HR and ERP platforms such as Workday, NetSuite, and SuccessFactors, enabling attackers to hijack victim accounts. “These extensions operate together to steal authentication tokens, disable incident response features, and enable full account takeover via session hijacking,” said Socket researcher Kush Pandya in a

Five Malicious Chrome Extensions Masquerade as Workday and NetSuite to Hijack Accounts Read More »

Malicious Chrome Extension Steals MEXC API Keys While Posing as a Trading Tool

Cybersecurity analysts have uncovered a dangerous Google Chrome extension designed to steal API credentials from users of MEXC, a centralized cryptocurrency exchange operating in more than 170 countries. The extension disguises itself as a legitimate automated trading utility, tricking users into granting access that ultimately compromises their accounts. The extension, identified as MEXC API Automator with the

Malicious Chrome Extension Steals MEXC API Keys While Posing as a Trading Tool Read More »