Tag: chrome
-
Malicious GhostPoster browser extensions found with 840,000 installs
Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-ghostposter-browser-extensions-found-with-840-000-installs/
-
Google plans to make Chrome for Android an agentic browser with Gemini
Google appears to be testing a new feature that integrates Gemini into Chrome for Android, allowing you to use agentic browser capabilities on your mobile device. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/google-plans-to-make-chrome-for-android-an-agentic-browser-with-gemini/
-
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform.The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is still First…
-
Google Chrome Pushes Critical Security Update for 3B Users
Google patched high-severity CVE-2026-0628 in Chrome 143 and added Push API rate limits to curb notification spam, with penalties up to 14 days. The post Google Chrome Pushes Critical Security Update for 3B Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-chrome-vulnerabilities-3b/
-
Breach Roundup: Firewalls Headed for Obsolescence
Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited. This week, Moody’s said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches. First seen…
-
Fake AI Chrome Extensions Steal 900K Users’ Data
Threat actors ripped off a legitimate AI-powered Chrome extension in order to harvest ChatGPT and DeepSeek data before sending it to a C2 server. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/fake-ai-chrome-extensions-steal-900k-users-data
-
Breach Roundup: Firewalls Headed for Obsolesce
Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited. This week, Moody’s said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches. First seen…
-
Discord Controlled NodeCordRAT Steals Chrome Data via NPM Packages
Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords. First seen on hackread.com Jump to article: hackread.com/discord-nodecordrat-steal-chrome-data-npm-packages/
-
Fake ChatGPT and DeepSeek Extensions Spied on Over 1 Million Chrome Users
Security researchers have identified two malicious Chrome extensions recording AI chats. Learn how to identify and remove these tools to protect your privacy. First seen on hackread.com Jump to article: hackread.com/fake-chatgpt-deepseek-extensions-spy-chrome-users/
-
A Single Browser Flaw, Millions at Risk: What the Chrome WebView Vulnerability Teaches Us About Exposure Windows
Tags: android, application-security, browser, chrome, cybersecurity, flaw, google, malicious, risk, update, vulnerability, windowsA recent security update reveals that Google patched a high-severity Chrome WebView vulnerability that could allow attackers to bypass application security restrictions and execute malicious content within Android and enterprise applications, according to Cybersecurity News. Because Chrome WebView is embedded inside countless applications, the flaw expanded risk far beyond traditional browser usage. Many organizations were…
-
900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats
OX Security reveals how malicious Chrome extensions exposed AI chats from ChatGPT and DeepSeek, silently siphoning sensitive data from 900,000 users. The post 900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-900k-users-chrome-extensions-steal-chatgpt-deepseek-chats/
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
900,000 Users Hit as Chrome Extensions Steal AI Chat Data
Malicious Chrome extensions stole AI chat data from over 900,000 users. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/900000-users-hit-as-chrome-extensions-steal-ai-chat-data/
-
Google Warns of High-Risk WebView Vulnerability That Breaks Security Controls
Google released Chrome versions 143.0.7499.192/.193 on January 6, 2026, to patch a high-severity vulnerability in WebView that could allow attackers to bypass important security policies. The flaw, tracked as CVE-2026-0628, represents a significant threat to users whose browsers rely on WebView’s policy enforcement framework to block malicious content. Attribute Details CVE ID CVE-2026-0628 Severity High…
-
Malicious Chrome Extension Leaks ChatGPT and DeepSeek Chats of 900,000 Users
Over 900,000 Chrome users have been compromised by two malicious extensions that secretly exfiltrate ChatGPT and DeepSeek conversations to attacker-controlled servers. Security researchers discovered the extensions impersonating the legitimate AITOPIA AI sidebar tool, with one rogue extension even earning Google’s >>Featured
-
Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users
Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers’ control.The names of the extensions, which collectively have over 900,000 users, are below -Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI…
-
Researchers Warn of Data Exposure Risks in Claude Chrome Extension
Security experts at Zenity Labs warn that Anthropic’s new agentic browser extension, Claude in Chrome, could bypass traditional web security, exposing private data and login tokens to potential hijackers. First seen on hackread.com Jump to article: hackread.com/data-exposure-risk-claude-chrome-extension/
-
Stop the slop by disabling AI features in Chrome
The most popular desktop browser is festooned with Google AI, but you can make at least some of it go away First seen on theregister.com Jump to article: www.theregister.com/2025/12/26/disable_ai_features_chrome/
-
Trust Wallet confirms second Shai-Hulud supply-chain attack, $8.5M in crypto stolen
Trust Wallet says a second Shai-Hulud supply-chain attack likely compromised its Chrome extension, leading to the theft of about $8.5M in crypto. Trust Wallet linked a second Shai-Hulud supply-chain attack to its Chrome extension hack, which resulted in the theft of about $8.5 million in crypto assets. The investigation reveals that the attacker independently developed…
-
DarkSpectre Malware Campaign Hits Chrome, Edge, and Firefox Users
A sophisticated Chinese threat actor dubbed DarkSpectre has compromised 8.8 million users across Chrome, Edge, and Firefox through three distinct malware campaigns that have operated undetected for over seven years, researchers revealed today. The operation represents one of the most extensive and professionally organized browser extension threats ever documented, combining long-term infrastructure investment with nation-state-level…
-
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets.”Our Developer GitHub secrets were exposed in the attack, which gave the attacker access…
-
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox.The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the…
-
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations
Threat actors used two malicious Chrome extensions that have 900,000 users to steal their chats with AI models like ChatGPT and DeepSeek and browser history. The incident is the latest in a growing string of attacks in which hackers weaponized browser extensions to exfiltrate huge amounts of sensitive data. First seen on securityboulevard.com Jump to…
-
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations
Threat actors used two malicious Chrome extensions that have 900,000 users to steal their chats with AI models like ChatGPT and DeepSeek and browser history. The incident is the latest in a growing string of attacks in which hackers weaponized browser extensions to exfiltrate huge amounts of sensitive data. First seen on securityboulevard.com Jump to…
-
Zoom Stealer browser extensions harvest corporate meeting intelligence
A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/
-
Hackers Compromise Trust Wallet Chrome Extension, Users Claim Millions Stolen
Trust Wallet users suffered devastating losses exceeding $7 million after cybercriminals compromised the Chrome browser extension version 2.68.0, released on December 24, 2025. The breach, which targeted desktop users exclusively, left hundreds of wallets completely drained within hours of the malicious update’s deployment. Blockchain investigator ZachXBT initially flagged the incident on the social media platform…
-
Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites
Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture user credentials.The extensions are advertised as a “multi-location network speed test plug-in” for developers and foreign trade personnel. Both the browser add-ons are available for download as…
-
Malicious extensions in Chrome Web store steal user credentials
Two Chrome extensions in the Web Store named ‘Phantom Shuttle’ are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-extensions-in-chrome-web-store-steal-user-credentials/