#malicious-extensions

[ follow ]
#browser-security #chrome-security-vulnerability #privilege-escalation #supply-chain-attack
#chrome-security-vulnerability
Information security
fromZDNET
2 weeks ago

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

A high-severity vulnerability in Chrome's Gemini feature allows malicious extensions to inject code, enabling attackers to spy on users, steal data, access webcams and microphones, and conduct phishing attacks.
Information security
fromTheregister
2 weeks ago

Chrome AI panel became privilege escalator for extensions

A high-severity Chrome vulnerability allowed malicious extensions to hijack the Gemini Live AI panel and gain unauthorized access to system resources like cameras, microphones, and local files.
Information security
fromThe Hacker News
2 weeks ago

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

A patched Chrome vulnerability (CVE-2026-0628) allowed malicious extensions to escalate privileges and access local files, camera, microphone, and screenshots through insufficient WebView policy enforcement.
Information security
fromZDNET
2 weeks ago

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

A high-severity vulnerability in Chrome's Gemini feature allows malicious extensions to inject code, enabling attackers to spy on users, steal data, access webcams and microphones, and conduct phishing attacks.
more#chrome-security-vulnerability
Information security
fromThe Hacker News
2 months ago

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

AI-powered VS Code forks recommend non-existent Open VSX extensions, enabling attackers to register those namespaces and publish malicious packages that compromise developers.
#supply-chain-attack
more#supply-chain-attack
Information security
fromComputerworld
4 months ago

AI browsers can be abused by malicious AI sidebar extensions: Report

Malicious browser extensions can spoof AI sidebars to steal data, redirect users, or install backdoors; organizations must audit extensions and enforce zero-trust controls.
Information security
fromDevOps.com
6 months ago

WhiteCobra Targets Developers with Dozens of Malicious Extensions - DevOps.com

WhiteCobra distributes malicious VSCode and Open VSX extensions to steal cryptocurrency wallets from developers using VSCode, Cursor, and Windsurf.
fromTheregister
8 months ago

Browser hijacking campaign infects 2.3M Chrome, Edge users

The Geco color picker extension, while appearing safe and helpful, hijacks browser sessions, tracks user activities, and backdoors victims' web browsers, highlighting significant security concerns.
Privacy professionals
[ Load more ]