Tag: browser
-
Fake ad blocker extension crashes the browser for ClickFix attacks
A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser in preparation for ClickFix attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-ad-blocker-extension-crashes-the-browser-for-clickfix-attacks/
-
Fake browser crash alerts turn Chrome extension into enterprise backdoor
Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/19/fake-browser-crash-alert-chrome-edge-extension/
-
Malicious Google Chrome Extensions Hijack Workday and Netsuite
Users of widely used HR and ERP platforms targeted with malicious extensions which were available in the Chrome Web Store First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-google-chrome-extension/
-
How to Remove Saved Passwords From Google Chrome (And Why You Should)
It usually starts with a small convenience. You log into a site once, Chrome offers to remember the password, and you click “Save” without thinking twice. Weeks turn into months, devices multiply, and before you know it, your browser knows more about your digital life than you do. This is exactly how many users end up relying on…
-
Five Chrome extensions caught hijacking enterprise sessions
Blocking defenses and hijacking sessions: The campaign went beyond stealing credentials. Two of the extensions, Tool Access 11 and Data By Cloud 2, incorporated DOM manipulation routines that actively blocked access to security and administrative pages within the targeted platforms. This prevented the enterprise admins from reaching screens to change passwords, view sign-on history, or…
-
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a previously undocumented remote access trojan (RAT) dubbed ModeloRAT. This new escalation of ClickFix has…
-
Five Chrome Extensions Used to Hijack Enterprise HR and ERP Systems
Socket’s Threat Research Team has uncovered a coordinated Chrome extension campaign targeting enterprise HR and ERP platforms, including Workday, NetSuite, and SAP SuccessFactors. Five malicious extensions, collectively installed over 2,300 times, work together to steal session tokens, block security controls, and enable complete account takeover through session hijacking. Four of the extensions are published under…
-
GhostPoster Malware Targets Chrome Users via 17 Rogue Extensions
A sophisticated malware campaign has compromised users of Chrome, Firefox, and Edge by deploying 17 malicious extensions that employ advanced steganography techniques to evade detection. Collectively downloaded more than 840,000 times, the GhostPoster operation represents one of the most technically mature and persistent browser extension threats documented to date. The GhostPoster campaign leverages an uncommon…
-
Google Chrome tests Gemini-powered AI “Skills”
Google is testing “Skills” for Gemini in Chrome, which will allow AI in Chrome to perform tasks automatically, and it could challenge Perplexity Comet or Edge’s Copilot mode. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/google-chrome-tests-gemini-powered-ai-skills/
-
Google Chrome now lets you turn off on-device AI model powering scam detection
Google Chrome now lets you delete the local AI models that power the “Enhanced Protection” feature, which was upgraded with AI capabilities last year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/google-chrome-now-lets-you-turn-off-on-device-ai-model-powering-scam-detection/
-
Credential-stealing Chrome extensions target enterprise HR platforms
Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/credential-stealing-chrome-extensions-target-enterprise-hr-platforms/
-
Malicious GhostPoster browser extensions found with 840,000 installs
Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-ghostposter-browser-extensions-found-with-840-000-installs/
-
Google plans to make Chrome for Android an agentic browser with Gemini
Google appears to be testing a new feature that integrates Gemini into Chrome for Android, allowing you to use agentic browser capabilities on your mobile device. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/google-plans-to-make-chrome-for-android-an-agentic-browser-with-gemini/
-
January 2026 Microsoft Patch Tuesday: Actively exploited zero day needs attention
More priorities: Executives should also prioritize rapid patching and risk reduction efforts this month around the Windows Local Security Authority Subsystem Service Remote Code Execution, Windows Graphics Component Elevation of Privilege, and Windows Virtualization Based Security Enclave Elevation of Privilege flaws, Bicer said, as these vulnerabilities directly enable full system or trust boundary compromise. Strategic focus…
-
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform. The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is still First…
-
Google Chrome Pushes Critical Security Update for 3B Users
Google patched high-severity CVE-2026-0628 in Chrome 143 and added Push API rate limits to curb notification spam, with penalties up to 14 days. The post Google Chrome Pushes Critical Security Update for 3B Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-chrome-vulnerabilities-3b/
-
Breach Roundup: Firewalls Headed for Obsolescence
Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited. This week, Moody’s said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches. First seen…
-
Fake AI Chrome Extensions Steal 900K Users’ Data
Threat actors ripped off a legitimate AI-powered Chrome extension in order to harvest ChatGPT and DeepSeek data before sending it to a C2 server. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/fake-ai-chrome-extensions-steal-900k-users-data
-
Breach Roundup: Firewalls Headed for Obsolesce
Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited. This week, Moody’s said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches. First seen…
-
Discord Controlled NodeCordRAT Steals Chrome Data via NPM Packages
Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords. First seen on hackread.com Jump to article: hackread.com/discord-nodecordrat-steal-chrome-data-npm-packages/
-
Fake ChatGPT and DeepSeek Extensions Spied on Over 1 Million Chrome Users
Security researchers have identified two malicious Chrome extensions recording AI chats. Learn how to identify and remove these tools to protect your privacy. First seen on hackread.com Jump to article: hackread.com/fake-chatgpt-deepseek-extensions-spy-chrome-users/
-
A Single Browser Flaw, Millions at Risk: What the Chrome WebView Vulnerability Teaches Us About Exposure Windows
A recent security update reveals that Google patched a high-severity Chrome WebView vulnerability that could allow attackers to bypass application security restrictions and execute malicious content within Android and enterprise applications, according to Cybersecurity News. Because Chrome WebView is embedded inside countless applications, the flaw expanded risk far beyond traditional browser usage. Many organizations were…
-
900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats
OX Security reveals how malicious Chrome extensions exposed AI chats from ChatGPT and DeepSeek, silently siphoning sensitive data from 900,000 users. The post 900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-900k-users-chrome-extensions-steal-chatgpt-deepseek-chats/
-
Malicious NPM Packages Deliver NodeCordRAT
Zscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
900,000 Users Hit as Chrome Extensions Steal AI Chat Data
Malicious Chrome extensions stole AI chat data from over 900,000 users. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/900000-users-hit-as-chrome-extensions-steal-ai-chat-data/
-
Google Warns of High-Risk WebView Vulnerability That Breaks Security Controls
Google released Chrome versions 143.0.7499.192/.193 on January 6, 2026, to patch a high-severity vulnerability in WebView that could allow attackers to bypass important security policies. The flaw, tracked as CVE-2026-0628, represents a significant threat to users whose browsers rely on WebView’s policy enforcement framework to block malicious content. CVE ID: CVE-2026-0628; Severity: High…
-
Malicious Chrome Extension Leaks ChatGPT and DeepSeek Chats of 900,000 Users
Over 900,000 Chrome users have been compromised by two malicious extensions that secretly exfiltrate ChatGPT and DeepSeek conversations to attacker-controlled servers. Security researchers discovered the extensions impersonating the legitimate AITOPIA AI sidebar tool, with one rogue extension even earning Google’s >>Featured

