Tag: browser
-
Google Warns of High-Risk WebView Vulnerability That Breaks Security Controls
Google released Chrome versions 143.0.7499.192/.193 on January 6, 2026, to patch a high-severity vulnerability in WebView that could allow attackers to bypass important security policies. The flaw, tracked as CVE-2026-0628, represents a significant threat to users whose browsers rely on WebView’s policy enforcement framework to block malicious content. Attribute Details CVE ID CVE-2026-0628 Severity High…
-
Malicious Chrome Extension Leaks ChatGPT and DeepSeek Chats of 900,000 Users
Over 900,000 Chrome users have been compromised by two malicious extensions that secretly exfiltrate ChatGPT and DeepSeek conversations to attacker-controlled servers. Security researchers discovered the extensions impersonating the legitimate AITOPIA AI sidebar tool, with one rogue extension even earning Google’s >>Featured
-
Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users
Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers’ control.The names of the extensions, which collectively have over 900,000 users, are below -Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI…
-
Researchers Warn of Data Exposure Risks in Claude Chrome Extension
Security experts at Zenity Labs warn that Anthropic’s new agentic browser extension, Claude in Chrome, could bypass traditional web security, exposing private data and login tokens to potential hijackers. First seen on hackread.com Jump to article: hackread.com/data-exposure-risk-claude-chrome-extension/
-
Stop the slop by disabling AI features in Chrome
The most popular desktop browser is festooned with Google AI, but you can make at least some of it go away First seen on theregister.com Jump to article: www.theregister.com/2025/12/26/disable_ai_features_chrome/
-
Trust Wallet confirms second Shai-Hulud supply-chain attack, $8.5M in crypto stolen
Trust Wallet says a second Shai-Hulud supply-chain attack likely compromised its Chrome extension, leading to the theft of about $8.5M in crypto. Trust Wallet linked a second Shai-Hulud supply-chain attack to its Chrome extension hack, which resulted in the theft of about $8.5 million in crypto assets. The investigation reveals that the attacker independently developed…
-
DarkSpectre Malware Campaign Hits Chrome, Edge, and Firefox Users
A sophisticated Chinese threat actor dubbed DarkSpectre has compromised 8.8 million users across Chrome, Edge, and Firefox through three distinct malware campaigns that have operated undetected for over seven years, researchers revealed today. The operation represents one of the most extensive and professionally organized browser extension threats ever documented, combining long-term infrastructure investment with nation-state-level…
-
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets.”Our Developer GitHub secrets were exposed in the attack, which gave the attacker access…
-
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox.The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the…
-
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations
Threat actors used two malicious Chrome extensions that have 900,000 users to steal their chats with AI models like ChatGPT and DeepSeek and browser history. The incident is the latest in a growing string of attacks in which hackers weaponized browser extensions to exfiltrate huge amounts of sensitive data. First seen on securityboulevard.com Jump to…
-
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations
Threat actors used two malicious Chrome extensions that have 900,000 users to steal their chats with AI models like ChatGPT and DeepSeek and browser history. The incident is the latest in a growing string of attacks in which hackers weaponized browser extensions to exfiltrate huge amounts of sensitive data. First seen on securityboulevard.com Jump to…
-
Zoom Stealer browser extensions harvest corporate meeting intelligence
A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/
-
Hackers Compromise Trust Wallet Chrome Extension, Users Claim Millions Stolen
Trust Wallet users suffered devastating losses exceeding $7 million after cybercriminals compromised the Chrome browser extension version 2.68.0, released on December 24, 2025. The breach, which targeted desktop users exclusively, left hundreds of wallets completely drained within hours of the malicious update’s deployment. Blockchain investigator ZachXBT initially flagged the incident on the social media platform…
-
TDL 012 – The Architect of the Internet on the Future of Trust
Summary In this episode of The Defenders Log, Paul Mockapetris, the architect of DNS, discusses the evolving role of the Domain Name System from a simple directory to a sophisticated security tool. He posits that modern networking requires “making sure DNS doesn’t work when you don’t want it to,” comparing DNS filtering to essential services…
-
Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites
Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture user credentials.The extensions are advertised as a “multi-location network speed test plug-in” for developers and foreign trade personnel. Both the browser add-ons are available for download as…
-
Malicious extensions in Chrome Web store steal user credentials
Two Chrome extensions in the Web Store named ‘Phantom Shuttle’ are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-extensions-in-chrome-web-store-steal-user-credentials/
-
Fake VPN Chrome Extensions Steal Credentials by Intercepting User Traffic
Socket’s Threat Research Team has exposed a sophisticated credential-harvesting campaign that has operated through malicious Chrome extensions since 2017. Two variants of an extension named Phantom Shuttle (幻影穿æ¢), published under the threat actor email theknewone.com@gmail.com, have compromised over 2,180 users by masquerading as legitimate network testing tools while executing complete traffic interception and credential theft. The extensions market…
-
Urban VPN Proxy Spies on AI Chatbot Conversations
Browser Tools Capture Chatbot Data, Sell to Data Broker: Koi Security. A browser extension promising a free clientless VPN for Chrome users has been harvesting conversations from artificial intelligence chatbot platforms and selling the data to third-party brokers. The data collection operates independently of the VPN functionality itself. First seen on govinfosecurity.com Jump to article:…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter CyberVolk – A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks Operation MoneyMount-ISO, Deploying Phantom Stealer via ISO-Mounted Executables Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users […]…
-
Waterfox browser goes AI-free, targets the Firefox faithful
Even if Mozilla is going to add an AI kill switch, that may not be enough to reassure many. First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/firefox_no_ai_alternative_waterfox/
-
Exploit-Welle zwingt Unternehmen zum schnellen Update – Google stopft eine aktiv ausgenutzte Chrome-Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/chrome-browser-aktives-angle-exploit-a-7d30d8d636bd2586e106f46e75f03cf6/
-
Exploit-Welle zwingt Unternehmen zum schnellen Update – Google stopft eine aktiv ausgenutzte Chrome-Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/chrome-browser-aktives-angle-exploit-a-7d30d8d636bd2586e106f46e75f03cf6/
-
Exploit-Welle zwingt Unternehmen zum schnellen Update – Google stopft eine aktiv ausgenutzte Chrome-Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/chrome-browser-aktives-angle-exploit-a-7d30d8d636bd2586e106f46e75f03cf6/
-
Von 6 Millionen Nutzern installiert: Diese Chrome-Erweiterung sammelt laut Experten heimlich deine ChatGPT-Daten
First seen on t3n.de Jump to article: t3n.de/news/6-millionen-nutzer-installiert-chrome-erweiterung-sammelt-heimlich-chatgpt-daten-1721943/
-
Von 6 Millionen Nutzern installiert: Diese Chrome-Erweiterung sammelt laut Experten heimlich deine ChatGPT-Daten
First seen on t3n.de Jump to article: t3n.de/news/6-millionen-nutzer-installiert-chrome-erweiterung-sammelt-heimlich-chatgpt-daten-1721943/
-
Mozilla Corporation installs Firefox driver in CEO reboot
Anthony Enzor-DeMeo picked to replace interim boss Laura Chambers First seen on theregister.com Jump to article: www.theregister.com/2025/12/16/mozilla_corporation_new_ceo/
-
When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk
A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according to The Hacker News, reinforcing a persistent reality for defenders: attackers no longer wait for exposure windows to close. They exploit them immediately. Unlike large-scale volumetric attacks that announce themselves through disruption, zero-day exploitation operates quietly.…
-
GhostPoster Malware Hit 50K Users via Firefox Extension Icons
The GhostPoster campaign hid malware inside Firefox extension icons, infecting tens of thousands of users through trusted add-ons. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ghostposter-malware-hit-50k-users-via-firefox-extension-icons/