{ "metadata": { "generated_at": "2026-04-12T20:59:34+00:00", "range": { "start_year": 2000, "end_year": 2026 }, "coverage": "Incident-focused subset selected by extension+incident keyword heuristics plus seeded reports.", "counts": { "incidents": 133, "sources": 40, "incident_types": { "malicious-extension": 123, "vulnerability": 17, "other": 2, "supply-chain": 18, "ai-related": 12 } } }, "entries": [ { "id": "addons-2010-07-13-add-on-security-announcement", "title": "Add-on security vulnerability announcement – Mozilla Add-ons Community Blog", "date": "2010-07-13", "year": 2010, "url": "https://blog.mozilla.org/addons/2010/07/13/add-on-security-announcement/", "domain": "blog.mozilla.org", "source_name": "Mozilla Add-ons Blog", "source_type": "manual-seed", "collector": "manual", "description": "One malicious add-on and another add-on with a serious security vulnerability were discovered recently on the Mozilla Add-ons site. Both issues have been dealt with, and the details are described ...", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Older advisory on malicious add-on and security-vulnerable add-on" }, { "id": "2010-10-firesheep-baaaaad-news-for-the-unwary", "title": "Firesheep: Baaaaad News for the Unwary", "date": "2010-10-26", "year": 2010, "url": "https://krebsonsecurity.com/2010/10/firesheep-baaaaad-news-for-the-unwary/", "domain": "krebsonsecurity.com", "source_name": "Krebs on Security", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Akrebsonsecurity.com+browser+extension&format=rss", "description": "“Firesheep,” a new add-on for Firefox that makes it easier to hijack e-mail and social networking accounts of others who are on the same wired or wireless network, has been getting some rather ...", "browser_family": [ "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "security-2011-03-25-comodo-certificate-issue-follow-up", "title": "Comodo Certificate Issue – Follow Up – Mozilla Security Blog", "date": "2011-03-25", "year": 2011, "url": "https://blog.mozilla.org/security/2011/03/25/comodo-certificate-issue-follow-up/", "domain": "blog.mozilla.org", "source_name": "Mozilla Security Blog", "source_type": "manual-seed", "collector": "manual", "description": "Categories: CA Program Firefox Security Comodo Certificate Issue – Follow Up Johnathan Nightingale March 25, 2011 30 responses This is a follow-up to the previous Mozilla report about the fraudulent certificates issued by Comodo last week. On 15th March 2011, a RA partner of the Comodo CA suffered an internal security breach ( Comodo incident report ). The attacker used the RA’s account with Comodo to cause 9 fraudulent certificates to be issued.", "browser_family": [ "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Fraudulent certificate for addons.mozilla.org could have enabled malicious software downloads" }, { "id": "malicious-chrome-extensions-targeting-facebook", "title": "Malicious Chrome Extensions Targeting Facebook", "date": "2012-03-26", "year": 2012, "url": "https://www.securityweek.com/malicious-chrome-extensions-targeting-facebook/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "manual-seed", "collector": "manual", "description": "Researchers from Kaspersky Lab have found examples of malicious Chrome applications targeting Facebook users in Brazil. The attack use several methods to entice users to install the malware, and despite Google’s best efforts, the criminals behind the attack keep getting new variants into the Chrome Web Store.", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Older Chrome extension malware campaign coverage" }, { "id": "information-technology-2012-03-googles-chome-web-store-used-to-spread-malware", "title": "Google's Chrome Web store used to spread malware", "date": "2012-03-27", "year": 2012, "url": "https://arstechnica.com/information-technology/2012/03/googles-chome-web-store-used-to-spread-malware/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "manual-seed", "collector": "manual", "description": "Biz & IT Google’s Chrome Web store used to spread malware Attackers seeded Google's Chrome Web Store with a malicious extension to … Dan Goodin – Mar 27, 2012 2:15 pm | 32 Credit: Photograph by www.securelist.com Credit: Photograph by www.securelist.com Text settings Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only Learn more Minimize to nav Crooks have found a new venue to push malware: the official Google Chrome Web Store . It was recently used to hawk Chrome browser extensions secretly hijacking users’ Facebook profiles.", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Older Chrome Web Store malware coverage" }, { "id": "information-technology-2012-05-firefox-security-add-in-exposes-users-web-browsing-history", "title": "Firefox \"security\" add-on exposes users' Web browsing history", "date": "2012-05-01", "year": 2012, "url": "https://arstechnica.com/information-technology/2012/05/firefox-security-add-in-exposes-users-web-browsing-history/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "manual-seed", "collector": "manual", "description": "E-Privacy Firefox “security” add-on exposes users’ Web browsing history Firefox plugin ShowIP transmits web visits home in the clear, exposing browser history. Sean Gallagher – May 1, 2012 9:45 am | 25 Text settings Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only Learn more Minimize to nav A Firefox add-on that gives users the ability to collect information on the IP address, server hostname and other related data for websites they visit also has the added bonus feature of reporting the same information on every site visited to a third-party server, SophosLabs reports.", "browser_family": [ "firefox" ], "incident_types": [ "other" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Firefox ShowIP add-on privacy leak coverage" }, { "id": "malicious-firefox-chrome-extension-hijacks-facebook-profiles", "title": "Malicious Firefox, Chrome Extension Hijacks Facebook Profiles", "date": "2013-05-12", "year": 2013, "url": "https://www.securityweek.com/malicious-firefox-chrome-extension-hijacks-facebook-profiles/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "Researchers at Microsoft are reporting a wave of malicious browser extensions attempting to hijack Facebook profiles. The malware, known as Trojan:JS/Febipos.A, specifically targets Google Chrome and ...", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2014-04-malicious-chrome-extension-hijacks-html", "title": "Malicious Chrome Extension Hijacks CryptoCurrencies and Wallets", "date": "2014-04-25", "year": 2014, "url": "http://thehackernews.com/2014/04/malicious-chrome-extension-hijacks.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Although the number of malicious browser extensions has significantly increased in the past years, but recently a new extension of the Google Chrome is allegedly targeting Cryptocurrency users that is capable of stealing Bitcoins and other crypto coins silently. The malicious Chrome browser extension dubbed as ‘Cryptsy Dogecoin (DOGE) Live Ticker’ which is available on Chrome Web store", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2014-09-malware-can-bypasses-chrome-extension-html", "title": "Malware Can Bypass Chrome Extension Security Feature Easily", "date": "2014-09-06", "year": 2014, "url": "http://thehackernews.com/2014/09/malware-can-bypasses-chrome-extension.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Researchers have uncovered a new social engineering trick that leads users to a malicious extension from Google Chrome impersonating to deliver Adobe’s Flash Player in order to lure victims in a click fraud campaign. Security experts at TrendMicro believe that the malware is triggered by opening Facebook or Twitter via shortened links provided in any social networking websites. Once", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2015-05-hack-google-password-html", "title": "Hacker Finds a Simple Way to Bypass Google Password Alert", "date": "2015-05-02", "year": 2015, "url": "http://thehackernews.com/2015/05/hack-google-password.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Less than 24 hours after Google launched the new Phishing alert extension Password Alert, a security researcher was able to bypass the feature using deadly simple exploits. On Wednesday, the search engine giant launched a new Password Alert Chrome extension to alert its users whenever they accidentally enter their Google password on a carefully crafted phishing website that aimed at", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "brief-black-hat-asia-researchers-find-reusable-vulnerabilities-in-popular-firefox-extensions", "title": "Black Hat Asia: Researchers find reusable vulnerabilities in popular Firefox extensions", "date": "2016-04-03", "year": 2016, "url": "https://www.scmagazine.com/brief/black-hat-asia-researchers-find-reusable-vulnerabilities-in-popular-firefox-extensions", "domain": "scmagazine.com", "source_name": "SC Media", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=firefox+extension+vulnerability&format=rss", "description": "Flaws affecting popular Firefox extensions were disclosed by researchers at Black Hat Asia in Singapore. The reusable vulnerabilities were discovered by Northeastern Univeristy PhD candidate Ahmet ...", "browser_family": [ "firefox" ], "incident_types": [ "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2016-07-lastpass-password-manager-html", "title": "LastPass Bug Lets Hackers Steal All Your Passwords", "date": "2016-07-27", "year": 2016, "url": "http://thehackernews.com/2016/07/lastpass-password-manager.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A critical zero-day flaw has been discovered in the popular cloud password manager LastPass that could allow any remote attacker to compromise your account completely. LastPass is one of the best password manager that also available as a browser extension that automatically fills credentials for you. All you need is to remember one master password to unlock all other passwords of", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2017-07-cisco-webex-vulnerability-html", "title": "Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!", "date": "2017-07-17", "year": 2017, "url": "http://thehackernews.com/2017/07/cisco-webex-vulnerability.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A highly critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time in this year, which could allow attackers to remotely execute malicious code on a victim's computer. Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help users connect and", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2017-07-chrome-extention-hacking-adware-html", "title": "Someone Hijacks A Popular Chrome Extension to Push Malware", "date": "2017-07-31", "year": 2017, "url": "http://thehackernews.com/2017/07/chrome-extention-hacking-adware.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Phishers have recently hacked an extension for Google Chrome after compromising the Chrome Web Store account of German developer team a9t9 software and abused to distribute spam messages to unsuspecting users. Dubbed Copyfish, the extension allows users to extract text from images, PDF documents and video, and has more than 37,500 users. Unfortunately, the Chrome extension of Copyfish has", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2017-08-chrome-extension-for-web-developers-html", "title": "Hackers Hijacked Chrome Extension for Web Developers With Over 1 Million Users", "date": "2017-08-03", "year": 2017, "url": "http://thehackernews.com/2017/08/chrome-extension-for-web-developers.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "From past few years, spammers and cyber criminals were buying web extensions from their developers and then updating them without informing their users to inject bulk advertisements into every website user visits in order to generate large revenue. But now they have shifted their business model—instead of investing, spammers have started a new wave of phishing attacks aimed at hijacking", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2017-08-chrome-extension-hacking-html", "title": "8 More Chrome Extensions Hijacked to Target 4.8 Million Users", "date": "2017-08-16", "year": 2017, "url": "http://thehackernews.com/2017/08/chrome-extension-hacking.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Google's Chrome web browser Extensions are under attack with a series of developers being hacked within last one month. Almost two weeks ago, we reported how unknown attackers managed to compromise the Chrome Web Store account of a developer team and hijacked Copyfish extension, and then modified it to distribute spam correspondence to users. Just two days after that incident, some unknown", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "information-technology-2018-01-500000-chrome-users-fall-prey-to-malicious-extensions-in-google-web-store", "title": "Google Chrome extensions with 500,000 downloads found to be malicious", "date": "2018-01-16", "year": 2018, "url": "https://arstechnica.com/information-technology/2018/01/500000-chrome-users-fall-prey-to-malicious-extensions-in-google-web-store/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "Researchers have uncovered four malicious extensions with more than 500,000 combined downloads from the Google Chrome Web Store, a finding that highlights a key weakness in what’s widely considered to ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "information-technology-2018-01-malicious-chrome-extension-is-next-to-impossible-to-manually-remove", "title": "Malicious Chrome extension is next to impossible to manually remove", "date": "2018-01-19", "year": 2018, "url": "https://arstechnica.com/information-technology/2018/01/malicious-chrome-extension-is-next-to-impossible-to-manually-remove/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "Proving once again that Google Chrome extensions are the Achilles heel of what’s arguably the Internet’s most secure browser, a researcher has documented a malicious add-on that tricks users into ...", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-02-grammar-checking-software-html", "title": "Critical Flaw in Grammarly Spell Checker Could Let Attackers Steal Your Data", "date": "2018-02-06", "year": 2018, "url": "http://thehackernews.com/2018/02/grammar-checking-software.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A critical vulnerability discovered in the Chrome and Firefox browser extension of the grammar-checking software Grammarly inadvertently left all 22 million users' accounts, including their personal documents and records, vulnerable to remote hackers. According to Google Project Zero researcher Tavis Ormandy, who discovered the vulnerability on February 2, the Chrome and Firefox extension of", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-04-adblocker-chrome-extention-html", "title": "Over 20 Million Users Installed Malicious Ad Blockers From Chrome Store", "date": "2018-04-19", "year": 2018, "url": "http://thehackernews.com/2018/04/adblocker-chrome-extention.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "If you have installed any of the below-mentioned Ad blocker extension in your Chrome browser, you could have been hacked. A security researcher has spotted five malicious ad blockers extension in the Google Chrome Store that had already been installed by at least 20 million users. Unfortunately, malicious browser extensions are nothing new. They often have access to everything you do online", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-05-facebook-cryptocurrency-hacking-html", "title": "A New Cryptocurrency Mining Virus is Spreading Through Facebook", "date": "2018-05-01", "year": 2018, "url": "http://thehackernews.com/2018/05/facebook-cryptocurrency-hacking.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "If you receive a link for a video, even if it looks exciting, sent by someone (or your friend) on Facebook messenger—just don't click on it without taking a second thought. Cybersecurity researchers from Trend Micro are warning users of a malicious Chrome extension which is spreading through Facebook Messenger and targeting users of cryptocurrency trading platforms to steal their accounts’", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "information-technology-2018-05-malicious-chrome-extensions-infect-more-than-100000-users-again", "title": "Malicious Chrome extensions infect 100,000-plus users, again", "date": "2018-05-10", "year": 2018, "url": "https://arstechnica.com/information-technology/2018/05/malicious-chrome-extensions-infect-more-than-100000-users-again/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-05-chrome-facebook-malware-html", "title": "7 Chrome Extensions Spreading Through Facebook Caught Stealing Passwords", "date": "2018-05-11", "year": 2018, "url": "http://thehackernews.com/2018/05/chrome-facebook-malware.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Luring users on social media to visit lookalike version of popular websites that pop-up a legitimate-looking Chrome extension installation window is one of the most common modus operandi of cybercriminals to spread malware. Security researchers are again warning users of a new malware campaign that has been active since at least March this year and has already infected more than 100,000 users", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-06-pythonbot-pbot-adware-html", "title": "Python-Based Adware Evolves to Install Malicious Browser Extensions", "date": "2018-06-26", "year": 2018, "url": "http://thehackernews.com/2018/06/pythonbot-pbot-adware.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Security researchers have been warning of a few newly detected variants of python-based adware that are being distributed in the wild not only to inject ads but also found installing malicious browser extensions and hidden cryptocurrency miner into victims' computers. Dubbed PBot, or PythonBot, the adware was first uncovered more than a year ago, but since then the malware has evolved, as its", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-09-mega-file-upload-chrome-extension-html", "title": "Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords", "date": "2018-09-05", "year": 2018, "url": "http://thehackernews.com/2018/09/mega-file-upload-chrome-extension.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for users' cryptocurrency wallets.", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "gadgets-2018-10-google-taking-new-steps-to-prevent-malicious-chrome-extensions", "title": "Google taking new steps to prevent malicious Chrome extensions", "date": "2018-10-02", "year": 2018, "url": "https://arstechnica.com/gadgets/2018/10/google-taking-new-steps-to-prevent-malicious-chrome-extensions/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "Google has announced plans to further restrict Chrome extensions in a bid to crack down on the number of malicious extensions found in the Chrome Web Store. Google has already taken some steps to ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-10-google-chrome-extensions-security-html", "title": "Google Announces 5 Major Security Updates for Chrome Extensions", "date": "2018-10-02", "year": 2018, "url": "http://thehackernews.com/2018/10/google-chrome-extensions-security.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Google has made several new announcements for its Chrome Web Store that aims at making Chrome extensions more secure and transparent to its users. Over a couple of years, we have seen a significant rise in malicious extensions that appear to offer useful functionalities, while running hidden malicious scripts in the background without the user's knowledge. However, the best part is that", "browser_family": [ "chrome", "edge" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2019-02-24-chrome-extension-activity-tracking-html", "title": "Chrome may help you track rogue browser extensions", "date": "2019-02-24", "year": 2019, "url": "https://www.engadget.com/2019-02-24-chrome-extension-activity-tracking.html", "domain": "engadget.com", "source_name": "Engadget", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aengadget.com+browser+extension+malicious&format=rss", "description": "It won't surprise you to hear that some Chrome extensions behave badly, but how do you spot malicious activity when it isn't always obvious? Google might soon have a way. Techdows has noticed a recent ...", "browser_family": [ "chrome", "edge" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2019-06-evernote-extension-hacking-html", "title": "Critical Flaw Reported in Popular Evernote Extension for Chrome Users", "date": "2019-06-13", "year": 2019, "url": "http://thehackernews.com/2019/06/evernote-extension-hacking.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people taking notes and organize their to-do task lists, and over 4,610,000 users have been using its Evernote Web Clipper Extension for Chrome", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-browser-extensions-used-by-hackers-for-ad-fraud", "title": "Malicious Browser Extensions Used by Hackers for Ad Fraud", "date": "2019-07-18", "year": 2019, "url": "https://www.bleepingcomputer.com/news/security/malicious-browser-extensions-used-by-hackers-for-ad-fraud/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ableepingcomputer.com+browser+extension+malicious&format=rss", "description": "Researchers unearthed a new and highly prolific malware framework used by its creators to generate over one billion fraudulent ad impressions over a time span of just three months. The attackers used ...", "browser_family": [ "chrome", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2019-09-browser-chrome-extension-adblock-html", "title": "Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme", "date": "2019-09-20", "year": 2019, "url": "http://thehackernews.com/2019/09/browser-chrome-extension-adblock.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Two widely used Adblocker Google Chrome extensions, posing as the original — AdBlock and uBlock Origin — extensions on Chrome Web Store, have been caught stuffing cookies in the web browser of millions of users to generate affiliate income from referral schemes fraudulently. There's no doubt web extensions add a lot of useful features to web browsers, making your online experience great and", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2019-12-avast-and-avg-browser-plugins-html", "title": "Avast and AVG Browser Extensions Spying On Chrome and Firefox Users", "date": "2019-12-03", "year": 2019, "url": "http://thehackernews.com/2019/12/avast-and-avg-browser-plugins.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible. Avast Online Security AVG Online Security Avast SafePrice AVG SafePrice Why? Because these four widely installed browser extensions have been caught collecting a lot more data on its millions of users than", "browser_family": [ "chrome", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "information-technology-2020-01-mozilla-and-google-crack-down-on-malicious-and-abusive-browser-extensions", "title": "More than 200 browser extensions ejected from Firefox and Chrome stores", "date": "2020-01-30", "year": 2020, "url": "https://arstechnica.com/information-technology/2020/01/mozilla-and-google-crack-down-on-malicious-and-abusive-browser-extensions/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "Mozilla and Google are cracking down on malicious and abusive extensions available for the Firefox and Chrome browsers, respectively. The moves come in response to the recent detection of add-ons that ...", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2020-02-chrome-extension-malware-html", "title": "500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users", "date": "2020-02-14", "year": 2020, "url": "http://thehackernews.com/2020/02/chrome-extension-malware.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. These extensions were part of a malvertising and ad-fraud campaign that's been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2020-03-the-case-for-limiting-your-browser-extensions", "title": "The Case for Limiting Your Browser Extensions", "date": "2020-03-02", "year": 2020, "url": "https://krebsonsecurity.com/2020/03/the-case-for-limiting-your-browser-extensions/", "domain": "krebsonsecurity.com", "source_name": "Krebs on Security", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Akrebsonsecurity.com+browser+extension&format=rss", "description": "Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2020-04-chrome-cryptocurrency-extensions-html", "title": "49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets", "date": "2020-04-15", "year": 2020, "url": "http://thehackernews.com/2020/04/chrome-cryptocurrency-extensions.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. The 49 browser add-ons, potentially the work of Russian threat actors, were identified (find the list here) by researchers from MyCrypto and PhishFort. \"Essentially, the extensions", "browser_family": [ "chrome", "edge" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "tens-malicious-chrome-extensions-used-global-surveillance-campaign", "title": "Tens of Malicious Chrome Extensions Used in Global Surveillance Campaign", "date": "2020-06-18", "year": 2020, "url": "https://www.securityweek.com/tens-malicious-chrome-extensions-used-global-surveillance-campaign/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "Malicious Chrome extensions employed in a massive global surveillance campaign have been downloaded by millions before removal, Awake Security reveals. Malicious Chrome extensions employed in a ...", "browser_family": [ "chrome", "chromium" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2020-06-chrome-browser-extensions-spying-html", "title": "Over 100 New Chrome Browser Extensions Caught Spying On Users", "date": "2020-06-22", "year": 2020, "url": "http://thehackernews.com/2020/06/chrome-browser-extensions-spying.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a \"massive global surveillance campaign\" targeting oil and gas, finance, and healthcare sectors. Awake Security, which disclosed the findings late last week, said the malicious browser add-ons were tied back to a single internet domain registrar,", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "gadgets-2020-11-fraudulent-add-ons-infiltrate-the-official-microsoft-edge-store", "title": "Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn", "date": "2020-11-20", "year": 2020, "url": "https://arstechnica.com/gadgets/2020/11/fraudulent-add-ons-infiltrate-the-official-microsoft-edge-store/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "For years, Google and Mozilla have battled to keep abusive or outright malicious browser extensions from infiltrating their official repositories. Now, Microsoft is taking up the fight. Over the past ...", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "information-technology-2020-12-up-to-3-million-devices-infected-by-malware-laced-chrome-and-edge-add-ons", "title": "Up to 3 million devices infected by malware-laced Chrome and Edge add-ons", "date": "2020-12-16", "year": 2020, "url": "https://arstechnica.com/information-technology/2020/12/up-to-3-million-devices-infected-by-malware-laced-chrome-and-edge-add-ons/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "As many as 3 million people have been infected by Chrome and Edge browser extensions that steal personal data and redirect users to ad or phishing sites, a security firm said on Wednesday. In all, ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-malicious-chrome-edge-extensions", "title": "Malicious Chrome and Edge Extensions Affect Millions of Users", "date": "2020-12-16", "year": 2020, "url": "https://www.infosecurity-magazine.com/news/malicious-chrome-edge-extensions/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "Three million Google Chrome and Microsoft Edge users could be at risk of data theft and phishing after researchers discovered malware hidden in multiple browser extensions. At least 28 third-party ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "millions-users-downloaded-28-malicious-chrome-and-edge-extensions", "title": "Millions of Users Downloaded 28 Malicious Chrome and Edge Extensions", "date": "2020-12-17", "year": 2020, "url": "https://www.securityweek.com/millions-users-downloaded-28-malicious-chrome-and-edge-extensions/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "Malware hidden in 28 third-party extensions for Google Chrome and Microsoft Edge redirects users to ads or phishing sites, Avast warned this week. Distributed through official app stores, the ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "information-technology-2021-02-malicious-chrome-and-edge-add-ons-had-a-novel-way-to-hide-on-3-million-devices", "title": "Malicious Chrome and Edge add-ons had a novel way to hide on 3 million devices", "date": "2021-02-03", "year": 2021, "url": "https://arstechnica.com/information-technology/2021/02/malicious-chrome-and-edge-add-ons-had-a-novel-way-to-hide-on-3-million-devices/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "In December, Ars reported that as many as 3 million people had been infected by Chrome and Edge browser extensions that stole personal data and redirected users to ad or phishing sites. Now, the ...", "browser_family": [ "chrome", "edge" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "malicious-mozilla-firefox-gmail-164263", "title": "Malicious Mozilla Firefox Extension Allows Gmail Takeover", "date": "2021-02-25", "year": 2021, "url": "https://threatpost.com/malicious-mozilla-firefox-gmail/164263/", "domain": "threatpost.com", "source_name": "Threat Post", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=firefox+extension+malicious&format=rss", "description": "The malicious extension, FriarFox, snoops in on both Firefox and Gmail-related data. A newly uncovered cyberattack is taking control of victims’ Gmail accounts, by using a customized, malicious ...", "browser_family": [ "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "article-chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on", "title": "Chinese cyberspies targeted Tibetans with a malicious Firefox add-on", "date": "2021-02-25", "year": 2021, "url": "https://www.zdnet.com/article/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on/", "domain": "zdnet.com", "source_name": "ZDNet", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=firefox+extension+malicious&format=rss", "description": "Chinese state-sponsored hackers have gone after Tibetan organizations across the world using a malicious Firefox add-on that was configured to steal Gmail and Firefox browser data and then download ...", "browser_family": [ "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-firefox-extension-allowed-hackers-to-hijack-gmail-accounts", "title": "Malicious Firefox extension allowed hackers to hijack Gmail accounts", "date": "2021-02-26", "year": 2021, "url": "https://www.bleepingcomputer.com/news/security/malicious-firefox-extension-allowed-hackers-to-hijack-gmail-accounts/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=firefox+extension+malicious&format=rss", "description": "Several Tibetan organizations were targeted in a cyber-espionage campaign by a state-backed hacking group using a malicious Firefox extension designed to hijack Gmail accounts and infect victims with ...", "browser_family": [ "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-safepal-wallet-firefox-add-on-stole-cryptocurrency", "title": "Malicious 'Safepal Wallet' Firefox add-on stole cryptocurrency", "date": "2021-09-27", "year": 2021, "url": "https://www.bleepingcomputer.com/news/security/malicious-safepal-wallet-firefox-add-on-stole-cryptocurrency/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=firefox+extension+malicious&format=rss", "description": "A malicious Firefox add-on named \"Safepal Wallet\" scammed users by emptying out their wallets and lived on the Mozilla add-ons store for seven months. Safepal is a cryptocurrency wallet application ...", "browser_family": [ "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2022-07-experts-uncover-350-browser-extension-html", "title": "Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign", "date": "2022-07-08", "year": 2022, "url": "http://thehackernews.com/2022/07/experts-uncover-350-browser-extension.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the \"extensions are installed onto a victim's machine via a Windows-based executable, bypassing most endpoint", "browser_family": [ "chrome", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2022-07-north-korean-hackers-using-malicious-html", "title": "North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts", "date": "2022-07-30", "year": 2022, "url": "http://thehackernews.com/2022/07/north-korean-hackers-using-malicious.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under", "browser_family": [ "chrome", "chromium", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-browser-extensions-targeted-almost-7-million-people", "title": "Malicious browser extensions targeted almost 7 million people", "date": "2022-08-16", "year": 2022, "url": "https://www.bleepingcomputer.com/news/security/malicious-browser-extensions-targeted-almost-7-million-people/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ableepingcomputer.com+browser+extension+malicious&format=rss", "description": "Almost 7 million users have attempted to install malicious browser extensions since 2020, with 70% of those extensions used as adware to target users with advertisements. The most common payloads ...", "browser_family": [], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2022-08-malicious-browser-extensions-targeted-html", "title": "Malicious Browser Extensions Targeted Over a Million Users So Far This Year", "date": "2022-08-17", "year": 2022, "url": "http://thehackernews.com/2022/08/malicious-browser-extensions-targeted.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. \"From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons,\" the company said. As", "browser_family": [ "chrome", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2022-08-experts-find-malicious-cookie-stuffing-html", "title": "Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users", "date": "2022-08-31", "year": 2022, "url": "http://thehackernews.com/2022/08/experts-find-malicious-cookie-stuffing.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit off retail affiliate programs. \"The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website,\" McAfee researchers Oliver Devane and Vallabh Chole&", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-extension-lets-attackers-control-google-chrome-remotely", "title": "Malicious extension lets attackers control Google Chrome remotely", "date": "2022-11-08", "year": 2022, "url": "https://www.bleepingcomputer.com/news/security/malicious-extension-lets-attackers-control-google-chrome-remotely/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ableepingcomputer.com+browser+extension+malicious&format=rss", "description": "A new Chrome browser botnet named 'Cloud9' has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the ...", "browser_family": [ "chrome", "chromium", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2022-11-this-malware-installs-malicious-browser-html", "title": "This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos", "date": "2022-11-22", "year": 2022, "url": "http://thehackernews.com/2022/11/this-malware-installs-malicious-browser.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access website visits, steal credentials and clipboard data, and even swap cryptocurrency addresses via an", "browser_family": [ "brave", "chrome", "chromium", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2023-03-fake-chatgpt-chrome-extension-hijacking-html", "title": "Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising", "date": "2023-03-13", "year": 2023, "url": "http://thehackernews.com/2023/03/fake-chatgpt-chrome-extension-hijacking.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. \"By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus,\" Guardio", "browser_family": [ "chrome" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "cyberattacks-data-breaches-malicious-chatgpt-extensions-add-to-google-chrome-woes", "title": "Malicious ChatGPT Extensions Add to Google Chrome Woes", "date": "2023-03-23", "year": 2023, "url": "https://www.darkreading.com/cyberattacks-data-breaches/malicious-chatgpt-extensions-add-to-google-chrome-woes", "domain": "darkreading.com", "source_name": "Dark Reading", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=chrome+extension+malicious&format=rss", "description": "Yet another version of the malicious, Facebook account-stealing ChatGPT browser extension for Google Chrome has emerged, representing a new variant in a campaign affecting thousands of users daily.", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-chrome-extensions-with-75m-installs-removed-from-web-store", "title": "Malicious Chrome extensions with 75M installs removed from Web Store", "date": "2023-06-02", "year": 2023, "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=chrome+extension+malicious&format=rss", "description": "Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million. The ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-malicious-chrome-extensions-you-should-remove-from-your-browser", "title": "Malicious Chrome Extensions You Should Remove from Your Browser | LayerX", "date": "2023-07-15", "year": 2023, "url": "https://layerxsecurity.com/blog/malicious-chrome-extensions-you-should-remove-from-your-browser/", "domain": "layerxsecurity.com", "source_name": "LayerX Security", "source_type": "sitemap", "collector": "https://layerxsecurity.com/sitemap-posts.xml", "description": "Chrome extensions are small software programs that can be added to the Google Chrome web browser to enhance its functionality and customize their browsing experience. They are typically developed by third-party developers and can be found in the Chrome Web Store. But while Chrome extensions offer numerous benefits, they can also pose potential vulnerabilities to […]", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2023-08-new-version-of-rilide-data-theft-html", "title": "New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3", "date": "2023-08-03", "year": 2023, "url": "http://thehackernews.com/2023/08/new-version-of-rilide-data-theft.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. \"It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension Manifest V3, and additional features such as the ability to exfiltrate stolen data to a", "browser_family": [ "chrome", "chromium", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2023-08-google-chromes-new-feature-alerts-users-html", "title": "Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions", "date": "2023-08-18", "year": 2023, "url": "http://thehackernews.com/2023/08/google-chromes-new-feature-alerts-users.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to proactively alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an add-on has been unpublished by a developer, taken down for violating Chrome Web Store policy, or marked", "browser_family": [ "chrome", "chromium" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-chrome-feature-alerts-malicious", "title": "New Chrome Feature Alerts Users About Malicious Extensions", "date": "2023-08-20", "year": 2023, "url": "https://www.infosecurity-magazine.com/news/chrome-feature-alerts-malicious/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "Google has announced an update set to be introduced in Chrome 117. This new feature aims to proactively inform users when an extension they have installed is no longer available on the Chrome Web ...", "browser_family": [ "chrome", "chromium", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-malicious-browser-extensions-threats-and-security-solutions", "title": "Malicious Browser Extensions: Threats and Security Solutions - LayerX", "date": "2023-12-06", "year": 2023, "url": "https://layerxsecurity.com/blog/malicious-browser-extensions-threats-and-security-solutions/", "domain": "layerxsecurity.com", "source_name": "LayerX Security", "source_type": "sitemap", "collector": "https://layerxsecurity.com/sitemap-posts.xml", "description": "In 2019, a network of browser extensions, primarily for Chrome, was revealed to have been scraping sensitive data from as many as four million users. The scraped data included PII, browsing history, medical information, and more. The data was then monetized through a commercialization scheme. This breach became known as the DataSpii incident, and it […]", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "articles-299982-20231222-researchers-discover-malicious-chrome-extensions-disguised-fake-vpn-htm", "title": "Researchers Discover Malicious Chrome Extensions Disguised as Fake VPN", "date": "2023-12-22", "year": 2023, "url": "https://www.techtimes.com/articles/299982/20231222/researchers-discover-malicious-chrome-extensions-disguised-fake-vpn.htm", "domain": "techtimes.com", "source_name": "techtimes", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=chrome+extension+malicious&format=rss", "description": "Cybersecurity researchers at ReasonLabs have discovered the presence of three fake Chrome extensions that are masquerading as VPNs. While it's easier to get fooled by the ads on the internet, the same ...", "browser_family": [ "chrome", "edge" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2024-06-kimsuky-using-translatext-chrome-html", "title": "Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data", "date": "2024-06-28", "year": 2024, "url": "http://thehackernews.com/2024/06/kimsuky-using-translatext-chrome.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has codenamed the extension TRANSLATEXT, highlighting its ability to gather email addresses, usernames,", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "articles-24-08-16-banshee-stealer-malware-haunts-browser-extensions-on-macos", "title": "Banshee Stealer malware aims to rob data from macOS browser extensions", "date": "2024-08-16", "year": 2024, "url": "https://appleinsider.com/articles/24/08/16/banshee-stealer-malware-haunts-browser-extensions-on-macos", "domain": "appleinsider.com", "source_name": "AppleInsider", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious+update&format=rss", "description": "Security researchers have discovered a new malware for macOS, which can be used to attack over 100 browser extensions that may be installed on the target Mac. Apple tries hard to make macOS and its ...", "browser_family": [ "brave", "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "tech-new-russian-threat-targets-over-100-apple-macos-browser-extensions", "title": "New Russian threat targets over 100 Apple macOS browser extensions", "date": "2024-08-19", "year": 2024, "url": "https://www.foxnews.com/tech/new-russian-threat-targets-over-100-apple-macos-browser-extensions", "domain": "foxnews.com", "source_name": "Fox News", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+vulnerability&format=rss", "description": "Apple Macs are considered comparatively safer than Windows. This remains true, as in the past few months, we’ve noticed numerous malware and vulnerabilities affecting Windows laptops. However, a ...", "browser_family": [ "brave", "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "cyberhaven-hack-google-chrome-extension", "title": "Cyber startup employee hacked to distribute malicious Chrome extension", "date": "2024-12-26", "year": 2024, "url": "https://therecord.media/cyberhaven-hack-google-chrome-extension", "domain": "therecord.media", "source_name": "The Record", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Atherecord.media+browser+extension+malicious&format=rss", "description": "An unidentified threat actor has compromised an administrative account of a data security startup, using it to distribute a malicious update for its Chrome browser extension. Swiss-founded security ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "technology-cybersecurity-data-loss-prevention-company-cyberhaven-hit-by-breach-statement-says-2024-12-27", "title": "Hackers hijack a wide range of companies' Chrome extensions, experts say", "date": "2024-12-27", "year": 2024, "url": "https://www.reuters.com/technology/cybersecurity/data-loss-prevention-company-cyberhaven-hit-by-breach-statement-says-2024-12-27/", "domain": "reuters.com", "source_name": "Reuters", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+compromised+publisher&format=rss", "description": "Dec 27 - Hackers have compromised several different companies' Chrome browser extensions in a series of intrusions dating back to mid-December, according to one of the victims and experts who have ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2024-12-27-cyberhaven-says-it-was-hacked-to-publish-a-malicious-update-to-its-chrome-extension", "title": "Cyber firm's Chrome extension hijacked to steal user passwords | TechCrunch", "date": "2024-12-27", "year": 2024, "url": "https://techcrunch.com/2024/12/27/cyberhaven-says-it-was-hacked-to-publish-a-malicious-update-to-its-chrome-extension/", "domain": "techcrunch.com", "source_name": "TechCrunch", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+compromised+publisher&format=rss", "description": "Data-loss prevention startup Cyberhaven says hackers published a malicious update to its Chrome extension that was capable of stealing customer passwords and session tokens, according to an email sent ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "cybersecurity-hackers-injected-malicious-code-into-several-chrome-extensions-in-recent-attack-220648155-html", "title": "Hackers injected malicious code into several Chrome extensions in recent attack", "date": "2024-12-29", "year": 2024, "url": "https://www.engadget.com/cybersecurity/hackers-injected-malicious-code-into-several-chrome-extensions-in-recent-attack-220648155.html", "domain": "engadget.com", "source_name": "Engadget", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=chrome+extension+malicious&format=rss", "description": "Hackers were reportedly able to modify several Chrome extensions with malicious code this month after gaining access to admin accounts through a phishing campaign. The cybersecurity company Cyberhaven ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2024-12-16-chrome-extensions-hacked-exposing-html", "title": "Dozens of Chrome Extensions Hacked, Exposing Millions of Users to Data Theft", "date": "2024-12-29", "year": 2024, "url": "http://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A new attack campaign has targeted known Chrome browser extensions, leading to at least 35 extensions being compromised and exposing over 2.6 million users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2024-12-when-good-extensions-go-bad-takeaways-html", "title": "When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions", "date": "2024-12-30", "year": 2024, "url": "http://thehackernews.com/2024/12/when-good-extensions-go-bad-takeaways.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure (LayerX, one of the companies involved in", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-chrome-browser-extensions-hijacked", "title": "Dozens of Chrome Browser Extensions Hijacked by Data Thieves", "date": "2025-01-01", "year": 2025, "url": "https://www.infosecurity-magazine.com/news/chrome-browser-extensions-hijacked/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+compromised+publisher&format=rss", "description": "Security researchers have warned users of Google Chrome extensions to be on their guard after uncovering a major campaign focused on data theft. At least 36 compromised Chrome extensions have been ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "hackers-target-vpn-ai-extensions-google-chrome-malicious-updates", "title": "Hackers target dozens of VPN and AI extensions for Google Chrome to compromise data", "date": "2025-01-01", "year": 2025, "url": "https://therecord.media/hackers-target-vpn-ai-extensions-google-chrome-malicious-updates", "domain": "therecord.media", "source_name": "The Record", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Atherecord.media+browser+extension+malicious&format=rss", "description": "Cybersecurity researchers have uncovered dozens of attacks that involve malicious updates for Chrome browser extensions, one week after a security firm was compromised in a similar incident. As of ...", "browser_family": [ "chrome" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "security-2025-01-dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices", "title": "Time to check if you ran any of these 33 malicious Chrome extensions", "date": "2025-01-02", "year": 2025, "url": "https://arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "As many of us celebrated the year-end holidays, a small group of researchers worked overtime tracking a startling discovery: At least 33 browser extensions hosted in Google’s Chrome Web Store, some ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "application-security-chrome-extension-compromises-highlight-software-supply-challenges", "title": "Chrome Compromises Highlight Software Supply Challenges", "date": "2025-01-02", "year": 2025, "url": "https://www.darkreading.com/application-security/chrome-extension-compromises-highlight-software-supply-challenges", "domain": "darkreading.com", "source_name": "Dark Reading", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+supply+chain&format=rss", "description": "On Christmas Eve, developers at data detection and response firm Cyberhaven received a troubling email that seemed to come from Google, threatening to remove access to the company's Chrome extension ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "other" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-browser-extensions-are-the-next-frontier-for-identity-attacks", "title": "Malicious Browser Extensions are the Next Frontier for Identity Attacks", "date": "2025-01-07", "year": 2025, "url": "https://www.bleepingcomputer.com/news/security/malicious-browser-extensions-are-the-next-frontier-for-identity-attacks/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "The recent attack campaign targeting browser extensions shows that malicious browser extensions are the next frontier for identity attacks. More than 2.6 million users across thousands of ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-full-browser-device-takeover", "title": "Syncjacking Attack Enables Full Browser and Device Takeover", "date": "2025-01-29", "year": 2025, "url": "https://www.infosecurity-magazine.com/news/full-browser-device-takeover/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "Security researchers have warned of a new attack which could enable malicious extensions to gain full control of a targeted browser and device, with minimal user interaction. SquareX said that, until ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-chrome-extensions-can-spoof-password-managers-in-new-attack", "title": "Malicious Chrome extensions can spoof password managers in new attack", "date": "2025-03-06", "year": 2025, "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-can-spoof-password-managers-in-new-attack/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "A newly devised \"polymorphic\" attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "polymorphic-extensions-the-silent-data-thieves", "title": "This Browser Hack Can Steal Everything : Polymorphic Extensions", "date": "2025-03-11", "year": 2025, "url": "https://www.geeky-gadgets.com/polymorphic-extensions-the-silent-data-thieves/", "domain": "geeky-gadgets.com", "source_name": "Geeky Gadgets", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+vulnerability&format=rss", "description": "A recent security demonstration has revealed a sophisticated cyberattack targeting browser extensions known as “polymorphic extensions.” These malicious tools exploit the permissions granted to ...", "browser_family": [ "edge" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2025-03-237454-private-keys-may-be-exposed-via-critical-vulnerability-in-switchomega-a-chrome-proxy-switching-extension-report", "title": "Private Keys May Be Exposed Via Critical Vulnerability In SwitchOmega, A Chrome Proxy-Switching Extension - Report | Crowdfund Insider", "date": "2025-03-17", "year": 2025, "url": "https://www.crowdfundinsider.com/2025/03/237454-private-keys-may-be-exposed-via-critical-vulnerability-in-switchomega-a-chrome-proxy-switching-extension-report/", "domain": "crowdfundinsider.com", "source_name": "Crowdfund Insider", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+vulnerability&format=rss", "description": "Blockchain security firm SlowMist released a detailed report exposing a critical vulnerability in SwitchyOmega, a widely used Chrome proxy-switching extension, highlighting its potential to steal ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-security-alert-christmas-day-chrome-extension-compromise", "title": "Security alert: Christmas Day Chrome extension compromise", "date": "2025-03-24", "year": 2025, "url": "https://expel.com/blog/security-alert-christmas-day-chrome-extension-compromise/", "domain": "expel.com", "source_name": "Expel", "source_type": "sitemap", "collector": "https://expel.com/post-sitemap.xml", "description": "BLOG | RAPID RESPONSE Security alert: Christmas Day Chrome extension compromise Subscribe × MktoForms2.loadForm(\"//info.expel.com\", \"986-VWL-068\", 1036); MktoForms2.whenReady(function (form){ //Add an onSuccess handler form.onSuccess(function(values, followUpUrl){ // GTM event for tracking window.dataLayer.push({ \"event\": \"mkto.form.success\", \"mkto.form.values\": values, \"conversionType\": \"subscribe\", \"eventTimeout\": 3000 }); location.href=\"/subscribe-thanks\"; //get the form's jQuery element and hide it...", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2025-05-100-fake-chrome-extensions-found-html", "title": "100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads", "date": "2025-05-20", "year": 2025, "url": "http://thehackernews.com/2025/05/100-fake-chrome-extensions-found.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. \"The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-layerx-reveals-40malicious-browser-extensions", "title": "LayerX Reveals 40+ Malicious Browser Extensions - LayerX", "date": "2025-05-22", "year": 2025, "url": "https://layerxsecurity.com/blog/layerx-reveals-40malicious-browser-extensions/", "domain": "layerxsecurity.com", "source_name": "LayerX Security", "source_type": "sitemap", "collector": "https://layerxsecurity.com/sitemap-posts.xml", "description": "LayerX has identified over 40 malicious browser extensions that are part of three distinct phishing campaigns. The initial detection of this campaign was done by the DomainTools Intelligence (DTI) team, who identified a list of suspicious domains that were communicating with browser extensions masquerading as legitimate brands. However, while the research by DTI provided a […]", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "thousands-of-chrome-extensions-are-tampering-with-security-headers", "title": "Thousands of Chrome extensions are tampering with security headers", "date": "2025-05-24", "year": 2025, "url": "https://therecord.media/thousands-of-chrome-extensions-are-tampering-with-security-headers", "domain": "therecord.media", "source_name": "The Record", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Atherecord.media+browser+extension+malicious&format=rss", "description": "Thousands of Google Chrome extensions available on the official Chrome Web Store are tampering with security headers on popular websites, putting users at risk of a wide range of web-based attacks.", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-18-malicious-chrome-edge-extensions", "title": "18 Malicious Chrome and Edge Extensions Disguise as Everyday Tools", "date": "2025-07-07", "year": 2025, "url": "https://www.infosecurity-magazine.com/news/18-malicious-chrome-edge-extensions/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "A set of 18 malicious browser extensions that are still available to download on Google Chrome and Microsoft Edge have been identified by a team of security researchers at Koi Security. These ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "crypto-roundup-malicious-firefox-extensions-a-28940", "title": "Crypto Roundup: Malicious Firefox Extensions", "date": "2025-07-10", "year": 2025, "url": "https://www.govinfosecurity.com/crypto-roundup-malicious-firefox-extensions-a-28940", "domain": "govinfosecurity.com", "source_name": "HHS", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=firefox+extension+malicious&format=rss", "description": "Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, uncovering 40 malicious crypto Firefox extensions, three sentenced in a Belgium court for ...", "browser_family": [ "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "tech-malicious-browser-extensions-caught-spying-2-million-users", "title": "Malicious browser extensions caught spying on 2 million users", "date": "2025-07-14", "year": 2025, "url": "https://www.foxnews.com/tech/malicious-browser-extensions-caught-spying-2-million-users", "domain": "foxnews.com", "source_name": "Fox News", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "Every day, millions of people install tiny browser add-ons they believe will improve productivity or entertainment. With so many options available on the Chrome Web Store, users often rely on trust ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-layerx-joins-forces-with-google-chrome-enterprise-to-stop-malicious-browser-extensions", "title": "LayerX Joins Forces with Google Chrome Enterprise to Stop Malicious Browser Extensions - LayerX", "date": "2025-07-29", "year": 2025, "url": "https://layerxsecurity.com/blog/layerx-joins-forces-with-google-chrome-enterprise-to-stop-malicious-browser-extensions/", "domain": "layerxsecurity.com", "source_name": "LayerX Security", "source_type": "sitemap", "collector": "https://layerxsecurity.com/sitemap-posts.xml", "description": "We’ve always believed that the browser is the new workspace. And as work increasingly happens inside the browser, it’s no surprise that securing it has become mission-critical. That’s why we’re thrilled to share some big news: LayerX is now officially collaborating with Google Chrome Enterprise to deliver a new level of visibility and control over […]", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "tech-malicious-firefox-extensions-are-draining-crypto-wallets", "title": "Malicious Firefox Extensions Are Draining Crypto Wallets", "date": "2025-08-10", "year": 2025, "url": "https://lifehacker.com/tech/malicious-firefox-extensions-are-draining-crypto-wallets", "domain": "lifehacker.com", "source_name": "Lifehacker", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "Emily Long is a freelance writer based in Salt Lake City. After graduating from Duke University, she spent several years reporting on the federal workforce for Government Executive, a publication of ...", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-chrome-vpn-extension-spyware", "title": "Legitimate Chrome VPN Extension Turns to Browser Spyware", "date": "2025-08-18", "year": 2025, "url": "https://www.infosecurity-magazine.com/news/chrome-vpn-extension-spyware/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "A popular Google-featured browser extension offering a virtual private network (VPN) service recently turned malicious and is now spying on users’ every move online. Researchers from Koi Security ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2025-08-28-new-research-shows-passkeys-can-hijacked-malicious-extensions", "title": "New research shows passkeys can be hijacked through malicious extensions - SiliconANGLE", "date": "2025-08-28", "year": 2025, "url": "https://siliconangle.com/2025/08/28/new-research-shows-passkeys-can-hijacked-malicious-extensions/", "domain": "siliconangle.com", "source_name": "SiliconANGLE", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+hijacked&format=rss", "description": "A new report out today from browser security company SquareX Ltd. reveals a critical flaw in passkeys, the widely promoted alternative to passwords, that could allow attackers to hijack accounts ...", "browser_family": [ "edge", "opera" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2025-10-131-chrome-extensions-caught-hijacking-html", "title": "131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign", "date": "2025-10-20", "year": 2025, "url": "http://thehackernews.com/2025/10/131-chrome-extensions-caught-hijacking.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users. \"", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "article-4078274-ai-browsers-can-be-abused-by-malicious-ai-sidebar-extensions-report-html", "title": "AI browsers can be abused by malicious AI sidebar extensions: Report", "date": "2025-10-22", "year": 2025, "url": "https://www.computerworld.com/article/4078274/ai-browsers-can-be-abused-by-malicious-ai-sidebar-extensions-report.html", "domain": "computerworld.com", "source_name": "Computerworld", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Acomputerworld.com+browser+extension+malicious&format=rss", "description": "AI browsers may be smart, but they’re not smart enough to block a common threat: Malicious extensions. That’s the conclusion of researchers at SquareX, who on Thursday released a report showing how ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2025-10-ai-sidebar-spoofing-attack-squarex-uncovers-malicious-extensions-that-impersonate-ai-browser-sidebars-html", "title": "AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions that Impersonate AI Browser Sidebars | NextBigFuture.com", "date": "2025-10-22", "year": 2025, "url": "https://www.nextbigfuture.com/2025/10/ai-sidebar-spoofing-attack-squarex-uncovers-malicious-extensions-that-impersonate-ai-browser-sidebars.html", "domain": "nextbigfuture.com", "source_name": "NextBigFuture", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+hijacked&format=rss", "description": "SquareX released critical research exposing a new class of attack targeting AI browsers. The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar ...", "browser_family": [ "brave", "edge", "firefox", "opera" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "ai-sidebar-spoofing-puts-chatgpt-atlas-perplexity-comet-and-other-browsers-at-risk", "title": "AI Sidebar Spoofing Puts ChatGPT Atlas, Perplexity Comet and Other Browsers at Risk", "date": "2025-10-22", "year": 2025, "url": "https://www.securityweek.com/ai-sidebar-spoofing-puts-chatgpt-atlas-perplexity-comet-and-other-browsers-at-risk/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "Enterprise browser security firm SquareX has demonstrated how malicious browser extensions can impersonate AI sidebar interfaces for phishing and other nefarious purposes. The attack method, named AI ...", "browser_family": [ "brave", "chrome", "edge", "firefox" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-articles-malware-chrome-extension-secretly-siphoned-200102846-html", "title": "Malware Chrome Extension Secretly Siphoned Fees From Solana Traders for Months", "date": "2025-11-27", "year": 2025, "url": "https://www.yahoo.com/news/articles/malware-chrome-extension-secretly-siphoned-200102846.html", "domain": "yahoo.com", "source_name": "Yahoo", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=chrome+extension+malicious&format=rss", "description": "Add Yahoo as a preferred source to see more of our stories on Google. A Chrome extension marketed as a convenient trading tool has been secretly siphoning SOL from users' swaps since last June, ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign", "title": "ShadyPanda browser extensions amass 4.3M installs in malicious campaign", "date": "2025-12-01", "year": 2025, "url": "https://www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ableepingcomputer.com+browser+extension+malicious&format=rss", "description": "A long-running malware operation known as \"ShadyPanda\" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. The operation, ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "article-4099453-newly-discovered-malicious-extensions-could-be-lurking-in-enterprise-browsers-2-html", "title": "Newly discovered malicious extensions could be lurking in enterprise browsers", "date": "2025-12-01", "year": 2025, "url": "https://www.computerworld.com/article/4099453/newly-discovered-malicious-extensions-could-be-lurking-in-enterprise-browsers-2.html", "domain": "computerworld.com", "source_name": "Computerworld", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "Once-trusted Chrome and Edge add-ons have quietly turned into tools for data harvesting, search manipulation, and a remote-execution backdoor affecting more than 4.3 million users. A sprawling ...", "browser_family": [ "chrome", "edge" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "chrome-edge-extensions-caught-tracking-users-creating-backdoors", "title": "Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors", "date": "2025-12-01", "year": 2025, "url": "https://www.securityweek.com/chrome-edge-extensions-caught-tracking-users-creating-backdoors/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access. A threat actor has published over a hundred malicious ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-malicious-vs-code-extensions", "title": "Malicious VS Code Extensions Deploy Advanced Infostealer", "date": "2025-12-08", "year": 2025, "url": "https://www.infosecurity-magazine.com/news/malicious-vs-code-extensions/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...", "browser_family": [ "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-malicious-browser-extensions-hit-4-220052162-html", "title": "Malicious browser extensions hit 4.3M users", "date": "2025-12-10", "year": 2025, "url": "https://www.aol.com/news/malicious-browser-extensions-hit-4-220052162.html", "domain": "aol.com", "source_name": "AOL", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "A long-running malware campaign quietly evolved over several years and turned trusted Chrome and Edge extensions into spyware. A detailed report from Koi Security reveals that the ShadyPanda operation ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-introducing-the-tactics-techniques-matrix-for-malicious-browser-extensions", "title": "Introducing the Tactics & Techniques Matrix for Malicious Browser Extensions - LayerX", "date": "2025-12-14", "year": 2025, "url": "https://layerxsecurity.com/blog/introducing-the-tactics-techniques-matrix-for-malicious-browser-extensions/", "domain": "layerxsecurity.com", "source_name": "LayerX Security", "source_type": "sitemap", "collector": "https://layerxsecurity.com/sitemap-posts.xml", "description": "Most of us rely on browser extensions every day, often without thinking about it. They make online work faster and easier by saving passwords, blocking ads, translating text, managing notes, or connecting our favorite-web apps together. For many organizations, extensions have also become a practical replacement for traditional desktop software. As endpoint malware grew […]", "browser_family": [ "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "tech-browser-extension-malware-infected-8-8m-users-darkspectre-attack", "title": "Browser extension malware infected 8.8M users in DarkSpectre attack", "date": "2026-01-06", "year": 2026, "url": "https://www.foxnews.com/tech/browser-extension-malware-infected-8-8m-users-darkspectre-attack", "domain": "foxnews.com", "source_name": "Fox News", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+compromised+publisher&format=rss", "description": "Browser extensions promise convenience. Many offer simple tools like new tab pages, translators or video helpers. Researchers, however, uncovered a long-running malware operation that abused that ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "chrome-extensions-with-900000-downloads-caught-stealing-ai-chats", "title": "Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats", "date": "2026-01-06", "year": 2026, "url": "https://www.securityweek.com/chrome-extensions-with-900000-downloads-caught-stealing-ai-chats/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "Impersonating a legitimate extension from AITOPIA, the two malicious extensions were also exfiltrating users’ browser activity. The applications, called ‘Chat GPT for Chrome with GPT-5, Claude Sonnet ...", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "article-news-900k-users-chrome-extensions-steal-chatgpt-deepseek-chats", "title": "900K Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats", "date": "2026-01-06", "year": 2026, "url": "https://www.techrepublic.com/article/news-900k-users-chrome-extensions-steal-chatgpt-deepseek-chats/", "domain": "techrepublic.com", "source_name": "TechRepublic", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Atechrepublic.com+browser+extension+malicious&format=rss", "description": "900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats Your email has been sent OX Security researchers found that more than 900,000 Chrome ...", "browser_family": [ "chrome" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-browser-extensions-gone-rogue-the-full-scope-of-the-ghostposter-campaign", "title": "Browser Extensions Gone Rogue: The Full Scope of the GhostPoster Campaign - LayerX", "date": "2026-01-15", "year": 2026, "url": "https://layerxsecurity.com/blog/browser-extensions-gone-rogue-the-full-scope-of-the-ghostposter-campaign/", "domain": "layerxsecurity.com", "source_name": "LayerX Security", "source_type": "sitemap", "collector": "https://layerxsecurity.com/sitemap-posts.xml", "description": "Last month, researchers at Koi Security published a detailed analysis of a malicious Firefox extension they dubbed GhostPoster – a browser-based malware leveraging an uncommon and stealthy payload delivery method: steganography within a PNG icon file. This innovative approach allowed the malware to evade traditional extension security reviews and static analysis tools. Following their […]", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": "Seeded from existing post slideshow" }, { "id": "news-security-malicious-ghostposter-browser-extensions-found-with-840-000-installs", "title": "Malicious GhostPoster browser extensions found with 840,000 installs", "date": "2026-01-17", "year": 2026, "url": "https://www.bleepingcomputer.com/news/security/malicious-ghostposter-browser-extensions-found-with-840-000-installs/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ableepingcomputer.com+browser+extension+malicious&format=rss", "description": "Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. The ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "malicious-chrome-extension-crashes-browser-in-clickfix-variant-crashfix", "title": "Malicious Chrome Extension Crashes Browser in ClickFix Variant 'CrashFix'", "date": "2026-01-18", "year": 2026, "url": "https://www.securityweek.com/malicious-chrome-extension-crashes-browser-in-clickfix-variant-crashfix/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "A fresh variant of the ClickFix attack relies on a malicious Chrome extension to display a security warning and lure victims into executing unwanted commands to install malware, Huntress reports.", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "pro-security-more-malicious-browser-extensions-uncovered-chrome-firefox-and-edge-all-affected", "title": "Beware- over 840,000 malicious browser extensions uncovered", "date": "2026-01-18", "year": 2026, "url": "https://www.techradar.com/pro/security/more-malicious-browser-extensions-uncovered-chrome-firefox-and-edge-all-affected?amp;_bhlid=d94bbc114e30bf84376e1fbb1c843a2d258df5ef", "domain": "techradar.com", "source_name": "TechRadar", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=chrome+extension+malicious&format=rss", "description": "Security researchers LayerX have discovered 17 extensions for Chrome, Firefox, and Edge browsers which monitored people’s internet activity and installed backdoors for persistent access. In total, the ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "articles-one-17-browser-extensions-could-175544241-html", "title": "Do you have one of these 17 browser extensions? They could be tracking your browsing history.", "date": "2026-01-22", "year": 2026, "url": "https://www.aol.com/articles/one-17-browser-extensions-could-175544241.html", "domain": "aol.com", "source_name": "AOL", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+hijacked&format=rss", "description": "You might have a dangerous browser extension monitoring your browser history and not even know it. The Koi Security researchers originally identified 17 malicious ...", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-malicious-google-chrome-extensions-hijack-161709118-html", "title": "Malicious Google Chrome extensions hijack accounts", "date": "2026-01-25", "year": 2026, "url": "https://www.aol.com/news/malicious-google-chrome-extensions-hijack-161709118.html", "domain": "aol.com", "source_name": "AOL", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "Cybersecurity researchers have uncovered a serious threat hiding inside Google Chrome. Several browser extensions pretend to be helpful tools. In reality, they quietly take over user accounts. These ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-small-tools-big-risk-when-browser-extensions-start-stealing-api-keys", "title": "Small Tools, Big Risk: When Browser Extensions Start Stealing API Keys", "date": "2026-01-27", "year": 2026, "url": "https://www.obsidiansecurity.com/blog/small-tools-big-risk-when-browser-extensions-start-stealing-api-keys", "domain": "obsidiansecurity.com", "source_name": "Obsidian Security", "source_type": "manual-seed", "collector": "manual", "description": "Background Last week, Obsidian Security published a customer advisory detailing a malicious browser extension that was actively stealing OpenAI API keys. That advisory focused on immediate risk and recommended actions for impacted organizations. This post is the technical write-up behind that advisory. It details how the extension operated, how API keys were exfiltrated, and why browser extensions remain an effective (and often overlooked) attack vector for data leakage. We also expand beyond the initial incident to examine a broader pattern of extensions that are at best misleading and at worst malicious.", "browser_family": [ "chrome", "opera" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "AI-extension theft dataset anchor" }, { "id": "news-fake-ai-assistants-google-chrome", "title": "Fake AI Assistants in Google Chrome Web Store Steal Passwords", "date": "2026-02-12", "year": 2026, "url": "https://www.infosecurity-magazine.com/news/fake-ai-assistants-google-chrome/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "Over 260,000 Google Chrome users have downloaded fake AI assistants designed to deliver malicious browser extensions which can steal login credentials, monitor emails and enable remote access by ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "over-300-malicious-chrome-extensions-caught-leaking-or-stealing-user-data", "title": "Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data", "date": "2026-02-13", "year": 2026, "url": "https://www.securityweek.com/over-300-malicious-chrome-extensions-caught-leaking-or-stealing-user-data/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "With more than 37 million combined downloads, the extensions expose users to tracking and personal information theft. Security researchers have discovered more than 300 Chrome extensions that leak ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "500000-vkontakte-accounts-hijacked-chrome-extensions", "title": "Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions", "date": "2026-02-15", "year": 2026, "url": "https://therecord.media/500000-vkontakte-accounts-hijacked-chrome-extensions", "domain": "therecord.media", "source_name": "The Record", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Atherecord.media+browser+extension+malicious&format=rss", "description": "Cybersecurity researchers have uncovered a malware campaign that reportedly hijacked half a million accounts on VKontakte — Russia’s most popular social network — through Google Chrome browser ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "vulnerability-allowed-hijacking-chromes-gemini-live-ai-assistant", "title": "Vulnerability Allowed Hijacking Chrome's Gemini Live AI Assistant", "date": "2026-03-01", "year": 2026, "url": "https://www.securityweek.com/vulnerability-allowed-hijacking-chromes-gemini-live-ai-assistant/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "A vulnerability in Chrome could have allowed malicious extensions to hijack the browser’s AI assistant to spy on users and exfiltrate data, Palo Alto Networks reports. Chrome’s side panel AI assistant ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "ai-related", "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "article-news-compromised-chrome-extension-malware-crypto-theft", "title": "Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets", "date": "2026-03-02", "year": 2026, "url": "https://www.techrepublic.com/article/news-compromised-chrome-extension-malware-crypto-theft/?email_hash=0d7a7050906b225db2718485ca0f3472", "domain": "techrepublic.com", "source_name": "TechRepublic", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+hijacked&format=rss", "description": "A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases. Image: madedee/Adobe A once-trusted Chrome ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "critical-flaw-in-claude-chrome-extension-allowed-malicious-prompt-injection", "title": "Critical Flaw in Claude Chrome Extension Can Allow Silent Malware", "date": "2026-03-27", "year": 2026, "url": "https://www.techjuice.pk/critical-flaw-in-claude-chrome-extension-allowed-malicious-prompt-injection/", "domain": "techjuice.pk", "source_name": "TechJuice", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+vulnerability&format=rss", "description": "Claude extension flaw allowed zero click attacks, letting hackers inject commands and access sensitive user data.", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "new-deepload-malware-dropped-in-clickfix-attacks", "title": "New DeepLoad Malware Dropped in ClickFix Attacks", "date": "2026-04-01", "year": 2026, "url": "https://www.securityweek.com/new-deepload-malware-dropped-in-clickfix-attacks/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "The new DeepLoad malware has been distributed in ClickFix attacks to steal user credentials and install a rogue browser extension.", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-browser-extensions-mining-data-49829", "title": "Kaspersky official blog", "date": "2026-04-10", "year": 2026, "url": "https://www.kaspersky.com/blog/browser-extensions-mining-data/49829/", "domain": "kaspersky.com", "source_name": "Kaspersky", "source_type": "manual-seed", "collector": "manual", "description": "wi-fi AirSnitch: attacking Wi-Fi client isolation and guest networks How the AirSnitch vulnerability family threatens corporate networks, and what changes you need to make to your network architecture and settings to stay protected. Stan Kaminsky April 10, 2026", "browser_family": [], "incident_types": [ "vulnerability" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Known browser-extension incident roundup" }, { "id": "labs-critical-vulnerability-discovered-in-evernotes-chrome-extension", "title": "Critical Vulnerability Discovered in Evernote’s Chrome Extension", "date": "2026-04-12", "year": 2026, "url": "https://guard.io/labs/critical-vulnerability-discovered-in-evernotes-chrome-extension", "domain": "guard.io", "source_name": "Guardio Labs", "source_type": "sitemap", "collector": "https://guard.io/sitemap.xml", "description": "Support For Business Pricing About Start for Free Login Start for Free Labs Critical Vulnerability Discovered in Evernote’s Chrome Extension Avihay Kain Ido Schachter March 1, 2022 • 5 min read Table of Contents Heading 2 TLDR In May 2019 Guardio’s research team has discovered a critical vulnerability in Evernote Web Clipper for Chrome. A logical coding error made it is possible to break domain-isolation mechanisms and execute code on behalf of the user — granting access to sensitive user information not limited to Evernote’s domain. Financials, social media, personal emails, and more are all natural targets.", "browser_family": [ "chrome" ], "incident_types": [ "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "labs-crossbarking-exploiting-a-0-day-opera-vulnerability-with-a-cross-browser-extension-store-attack", "title": "“CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack", "date": "2026-04-12", "year": 2026, "url": "https://guard.io/labs/crossbarking-exploiting-a-0-day-opera-vulnerability-with-a-cross-browser-extension-store-attack", "domain": "guard.io", "source_name": "Guardio Labs", "source_type": "sitemap", "collector": "https://guard.io/sitemap.xml", "description": "Support For Business Pricing About Start for Free Login Start for Free Labs “CrossBarking” Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack Nati Tal October 30, 2024 • 14 min read Table of Contents Heading 2 TLDR Guardio Labs has uncovered and fully disclosed a serious vulnerability in the Opera browser that allows malicious extensions to gain full access to permissive Private APIs, enabling actions like screen capturing, browser setting modifications, and account hijacking .", "browser_family": [ "chrome", "chromium", "edge", "opera" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "labs-fakegpt-new-variant-of-fake-chatgpt-chrome-extension-stealing-facebook-ad-accounts-with", "title": "“FakeGPT”: New Variant of Fake-ChatGPT Chrome Extension Stealing Facebook Ad Accounts with Thousands of Daily Installs", "date": "2026-04-12", "year": 2026, "url": "https://guard.io/labs/fakegpt-new-variant-of-fake-chatgpt-chrome-extension-stealing-facebook-ad-accounts-with", "domain": "guard.io", "source_name": "Guardio Labs", "source_type": "sitemap", "collector": "https://guard.io/sitemap.xml", "description": "Support For Business Pricing About Start for Free Login Start for Free Labs “FakeGPT” New Variant of Fake-ChatGPT Chrome Extension Stealing Facebook Ad Accounts with Thousands of Daily Installs Nati Tal March 8, 2023 • 8 min read Update: March 22, 2023 — Guardio Labs discovered another variant in this FakeGPT campaign, abusing open-source code and yet again hijacking Facebook profiles — read about it here . Update: March 9, 2023 — Following Guardio’ s report regarding this malicious extension to Google, the extension is now removed from Chrome’s store.", "browser_family": [ "chrome", "opera" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "gl-security-security-tech-notes-threat-intelligence-tech-notes-malicious-browser-extensions-feb-2025", "title": "Tech Note - Malicious browser extensions impacting at least 3.2 million users - GitLab Security Tech Notes", "date": null, "year": null, "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/", "domain": "gitlab-com.gitlab.io", "source_name": "GitLab Security", "source_type": "manual-seed", "collector": "manual", "description": "GitLab Security Tech Notes Home Red Team Security Research Threat Intlligence Search Tech Note - Malicious browser extensions impacting at least 3.2 million users Key Points Background Threat Actor Infrastructure Malicious Configuration Variant Injected Payloads Understanding the Attack Chain Attribution & Conclusion Recommendations Appendix - Indicators of Compromise Tech Note - Malicious browser extensions impacting at least 3.2 million users 13 February 2025 - GitLab Threat Intelligence Key Points We identified...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Seeded from existing post slideshow" }, { "id": "blog-cyberhaven-browser-extension-compromise", "title": "Cyberhaven Browser Extension Compromise", "date": null, "year": null, "url": "https://keepaware.com/blog/cyberhaven-browser-extension-compromise", "domain": "keepaware.com", "source_name": "Keep Aware", "source_type": "manual-seed", "collector": "manual", "description": "Blog / Threat Posts Cyberhaven Browser Extension Compromise Ryan Boerner Founder & CEO December 26, 2024 Share this post Cyberhaven Browser Extension Compromise: What Happened and What It Means Cyberhaven, a data loss prevention cybersecurity company, recently experienced a breach that resulted in the distribution of a malicious browser extension to its customer base. This breach highlights the importance of extension management and browser security within the organization. Below, we break down what happened, how it unfolded, and the implications for security teams.", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Seeded from existing post slideshow" }, { "id": "blog-4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign", "title": "4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign", "date": null, "year": null, "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign", "domain": "koi.ai", "source_name": "Koi Research", "source_type": "manual-seed", "collector": "manual", "description": "Back Koi Research 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign Tuval Admoni , , December 1, 2025 Intro Koi researchers have identified a threat actor we're calling ShadyPanda - responsible for a seven-year browser extension campaign that has infected 4.3 million Chrome and Edge users. Our investigation uncovered two active operations: A 300,000-user RCE backdoor: Five extensions, including the \"Featured\" and \"Verified\" Clean Master, were weaponized in mid-2024 after years of legitimate operation.", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Seeded from existing post slideshow" }, { "id": "blog-greedybear-650-attack-tools-one-coordinated-campaign", "title": "GreedyBear: 650 Attack Tools, One Coordinated Campaign", "date": null, "year": null, "url": "https://www.koi.ai/blog/greedybear-650-attack-tools-one-coordinated-campaign", "domain": "koi.ai", "source_name": "Koi Research", "source_type": "manual-seed", "collector": "manual", "description": "Back Koi Research GreedyBear: 650 Attack Tools, One Coordinated Campaign Tuval Admoni , , August 8, 2025 Intro What happens when cybercriminals stop thinking small and start thinking like a Fortune 500 company? You get GreedyBear , the attack group that just redefined industrial-scale crypto theft. 150 weaponized Firefox extensions. nearly 500 malicious executables. Dozens of phishing websites. One coordinated attack infrastructure. According to user reports, over $1 million stolen .", "browser_family": [ "firefox", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Seeded from existing post slideshow" }, { "id": "blog-foxywallet-40-malicious-firefox-extensions-exposed", "title": "FoxyWallet: 40+ Malicious Firefox Extensions Exposed", "date": null, "year": null, "url": "https://www.koi.ai/blog/foxywallet-40-malicious-firefox-extensions-exposed", "domain": "koi.ai", "source_name": "Koi Security", "source_type": "sitemap", "collector": "https://www.koi.security/sitemap.xml", "description": "Back Koi Research FoxyWallet: 40+ Malicious Firefox Extensions Exposed Yuval Ronen , , July 2, 2025 Intro A large-scale malicious campaign has been uncovered involving dozens of fake Firefox extensions designed to steal cryptocurrency wallet credentials. These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet , and Filfox . Once installed, the malicious extensions silently exfiltrate wallet secrets, putting users’ assets at immediate risk.", "browser_family": [ "chrome", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": "Seeded from existing post slideshow" }, { "id": "blog-google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware", "title": "Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware.", "date": null, "year": null, "url": "https://www.koi.security/blog/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware", "domain": "koi.security", "source_name": "Koi Security", "source_type": "manual-seed", "collector": "manual", "description": "Back Koi Research Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware. Idan Dardikman , , July 8, 2025 Intro TL;DR - Our investigation of a single “verified” color picker exposed a coordinated campaign of 18 malicious extensions that infected a massive 2.3 million users across Chrome and Edge. If you think a Chrome extension with Google’s verified badge, 100,000+ installs, 800+ reviews, and featured placement on the store is trustworthy? Think again.", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Seeded from existing post slideshow" }, { "id": "blog-vk-styles-500k-users-infected-by-chrome-extensions-that-hijack-vkontakte-accounts", "title": "VK Styles: 500K Users Infected by Chrome Extensions That Hijack VKontakte Accounts", "date": null, "year": null, "url": "https://www.koi.ai/blog/vk-styles-500k-users-infected-by-chrome-extensions-that-hijack-vkontakte-accounts", "domain": "koi.ai", "source_name": "Koi Security", "source_type": "sitemap", "collector": "https://www.koi.security/sitemap.xml", "description": "Back Koi Research VK Styles: 500K Users Infected by Chrome Extensions That Hijack VKontakte Accounts Ariel Cohen , , February 12, 2026 Intro Half a million VKontakte users had their accounts silently hijacked. Their settings reset every 30 days. Automatically subscribed to groups they never chose. All through Chrome extensions that looked like simple VK customization tools. We discovered a sophisticated malware campaign targeting VKontakte (VK), Russia's largest social network with over 650 million users.", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-when-chrome-extensions-turn-against-us-the-cyberhaven-breach-and-beyond", "title": "When Chrome Extensions Turn Against Us: The Cyberhaven Breach and Beyond", "date": null, "year": null, "url": "https://www.koi.ai/blog/when-chrome-extensions-turn-against-us-the-cyberhaven-breach-and-beyond", "domain": "koi.ai", "source_name": "Koi Security", "source_type": "sitemap", "collector": "https://www.koi.security/sitemap.xml", "description": "Back Security Insights When Chrome Extensions Turn Against Us: The Cyberhaven Breach and Beyond Amit Assaraf , , December 30, 2024 Intro Did you ever wonder what happens when a cybersecurity company becomes a tool for spreading malware? This is exactly what happened to the cybersecurity company Cyberhaven last Wednesday, leading to the infection of its 400,000 users with malicious code through a Chrome extension. Cyberhaven is one of the startups in the DLP (Data Loss Prevention) space — a tool designed to prevent sensitive organizational data from leaking.", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "support-solutions-articles-67000750069-security-notice-trust-wallet-browser-extension-version-2-68-vulnerability", "title": "Security Notice: Trust Wallet Browser Extension Version 2.68 Vulnerability", "date": null, "year": null, "url": "https://support.trustwallet.com/support/solutions/articles/67000750069-security-notice-trust-wallet-browser-extension-version-2-68-vulnerability", "domain": "support.trustwallet.com", "source_name": "Trust Wallet", "source_type": "manual-seed", "collector": "manual", "description": "Last Updated: December 29, 2025 Overview We have identified a security incident affecting only the Trust Wallet Browser Extension version 2.68. To maintain the security of your wallet and assets, users currently using version 2.68 should immedi...", "browser_family": [ "chrome" ], "incident_types": [ "vulnerability" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Seeded from existing post slideshow" } ], "by_year": [ { "year": 2000, "count": 0, "entries": [] }, { "year": 2001, "count": 0, "entries": [] }, { "year": 2002, "count": 0, "entries": [] }, { "year": 2003, "count": 0, "entries": [] }, { "year": 2004, "count": 0, "entries": [] }, { "year": 2005, "count": 0, "entries": [] }, { "year": 2006, "count": 0, "entries": [] }, { "year": 2007, "count": 0, "entries": [] }, { "year": 2008, "count": 0, "entries": [] }, { "year": 2009, "count": 0, "entries": [] }, { "year": 2010, "count": 2, "entries": [ { "id": "addons-2010-07-13-add-on-security-announcement", "title": "Add-on security vulnerability announcement – Mozilla Add-ons Community Blog", "date": "2010-07-13", "year": 2010, "url": "https://blog.mozilla.org/addons/2010/07/13/add-on-security-announcement/", "domain": "blog.mozilla.org", "source_name": "Mozilla Add-ons Blog", "source_type": "manual-seed", "collector": "manual", "description": "One malicious add-on and another add-on with a serious security vulnerability were discovered recently on the Mozilla Add-ons site. Both issues have been dealt with, and the details are described ...", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Older advisory on malicious add-on and security-vulnerable add-on" }, { "id": "2010-10-firesheep-baaaaad-news-for-the-unwary", "title": "Firesheep: Baaaaad News for the Unwary", "date": "2010-10-26", "year": 2010, "url": "https://krebsonsecurity.com/2010/10/firesheep-baaaaad-news-for-the-unwary/", "domain": "krebsonsecurity.com", "source_name": "Krebs on Security", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Akrebsonsecurity.com+browser+extension&format=rss", "description": "“Firesheep,” a new add-on for Firefox that makes it easier to hijack e-mail and social networking accounts of others who are on the same wired or wireless network, has been getting some rather ...", "browser_family": [ "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2011, "count": 1, "entries": [ { "id": "security-2011-03-25-comodo-certificate-issue-follow-up", "title": "Comodo Certificate Issue – Follow Up – Mozilla Security Blog", "date": "2011-03-25", "year": 2011, "url": "https://blog.mozilla.org/security/2011/03/25/comodo-certificate-issue-follow-up/", "domain": "blog.mozilla.org", "source_name": "Mozilla Security Blog", "source_type": "manual-seed", "collector": "manual", "description": "Categories: CA Program Firefox Security Comodo Certificate Issue – Follow Up Johnathan Nightingale March 25, 2011 30 responses This is a follow-up to the previous Mozilla report about the fraudulent certificates issued by Comodo last week. On 15th March 2011, a RA partner of the Comodo CA suffered an internal security breach ( Comodo incident report ). The attacker used the RA’s account with Comodo to cause 9 fraudulent certificates to be issued.", "browser_family": [ "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Fraudulent certificate for addons.mozilla.org could have enabled malicious software downloads" } ] }, { "year": 2012, "count": 3, "entries": [ { "id": "malicious-chrome-extensions-targeting-facebook", "title": "Malicious Chrome Extensions Targeting Facebook", "date": "2012-03-26", "year": 2012, "url": "https://www.securityweek.com/malicious-chrome-extensions-targeting-facebook/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "manual-seed", "collector": "manual", "description": "Researchers from Kaspersky Lab have found examples of malicious Chrome applications targeting Facebook users in Brazil. The attack use several methods to entice users to install the malware, and despite Google’s best efforts, the criminals behind the attack keep getting new variants into the Chrome Web Store.", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Older Chrome extension malware campaign coverage" }, { "id": "information-technology-2012-03-googles-chome-web-store-used-to-spread-malware", "title": "Google's Chrome Web store used to spread malware", "date": "2012-03-27", "year": 2012, "url": "https://arstechnica.com/information-technology/2012/03/googles-chome-web-store-used-to-spread-malware/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "manual-seed", "collector": "manual", "description": "Biz & IT Google’s Chrome Web store used to spread malware Attackers seeded Google's Chrome Web Store with a malicious extension to … Dan Goodin – Mar 27, 2012 2:15 pm | 32 Credit: Photograph by www.securelist.com Credit: Photograph by www.securelist.com Text settings Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only Learn more Minimize to nav Crooks have found a new venue to push malware: the official Google Chrome Web Store . It was recently used to hawk Chrome browser extensions secretly hijacking users’ Facebook profiles.", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Older Chrome Web Store malware coverage" }, { "id": "information-technology-2012-05-firefox-security-add-in-exposes-users-web-browsing-history", "title": "Firefox \"security\" add-on exposes users' Web browsing history", "date": "2012-05-01", "year": 2012, "url": "https://arstechnica.com/information-technology/2012/05/firefox-security-add-in-exposes-users-web-browsing-history/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "manual-seed", "collector": "manual", "description": "E-Privacy Firefox “security” add-on exposes users’ Web browsing history Firefox plugin ShowIP transmits web visits home in the clear, exposing browser history. Sean Gallagher – May 1, 2012 9:45 am | 25 Text settings Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only Learn more Minimize to nav A Firefox add-on that gives users the ability to collect information on the IP address, server hostname and other related data for websites they visit also has the added bonus feature of reporting the same information on every site visited to a third-party server, SophosLabs reports.", "browser_family": [ "firefox" ], "incident_types": [ "other" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Firefox ShowIP add-on privacy leak coverage" } ] }, { "year": 2013, "count": 1, "entries": [ { "id": "malicious-firefox-chrome-extension-hijacks-facebook-profiles", "title": "Malicious Firefox, Chrome Extension Hijacks Facebook Profiles", "date": "2013-05-12", "year": 2013, "url": "https://www.securityweek.com/malicious-firefox-chrome-extension-hijacks-facebook-profiles/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "Researchers at Microsoft are reporting a wave of malicious browser extensions attempting to hijack Facebook profiles. The malware, known as Trojan:JS/Febipos.A, specifically targets Google Chrome and ...", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2014, "count": 2, "entries": [ { "id": "2014-04-malicious-chrome-extension-hijacks-html", "title": "Malicious Chrome Extension Hijacks CryptoCurrencies and Wallets", "date": "2014-04-25", "year": 2014, "url": "http://thehackernews.com/2014/04/malicious-chrome-extension-hijacks.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Although the number of malicious browser extensions has significantly increased in the past years, but recently a new extension of the Google Chrome is allegedly targeting Cryptocurrency users that is capable of stealing Bitcoins and other crypto coins silently. The malicious Chrome browser extension dubbed as ‘Cryptsy Dogecoin (DOGE) Live Ticker’ which is available on Chrome Web store", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2014-09-malware-can-bypasses-chrome-extension-html", "title": "Malware Can Bypass Chrome Extension Security Feature Easily", "date": "2014-09-06", "year": 2014, "url": "http://thehackernews.com/2014/09/malware-can-bypasses-chrome-extension.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Researchers have uncovered a new social engineering trick that leads users to a malicious extension from Google Chrome impersonating to deliver Adobe’s Flash Player in order to lure victims in a click fraud campaign. Security experts at TrendMicro believe that the malware is triggered by opening Facebook or Twitter via shortened links provided in any social networking websites. Once", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2015, "count": 1, "entries": [ { "id": "2015-05-hack-google-password-html", "title": "Hacker Finds a Simple Way to Bypass Google Password Alert", "date": "2015-05-02", "year": 2015, "url": "http://thehackernews.com/2015/05/hack-google-password.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Less than 24 hours after Google launched the new Phishing alert extension Password Alert, a security researcher was able to bypass the feature using deadly simple exploits. On Wednesday, the search engine giant launched a new Password Alert Chrome extension to alert its users whenever they accidentally enter their Google password on a carefully crafted phishing website that aimed at", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2016, "count": 2, "entries": [ { "id": "brief-black-hat-asia-researchers-find-reusable-vulnerabilities-in-popular-firefox-extensions", "title": "Black Hat Asia: Researchers find reusable vulnerabilities in popular Firefox extensions", "date": "2016-04-03", "year": 2016, "url": "https://www.scmagazine.com/brief/black-hat-asia-researchers-find-reusable-vulnerabilities-in-popular-firefox-extensions", "domain": "scmagazine.com", "source_name": "SC Media", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=firefox+extension+vulnerability&format=rss", "description": "Flaws affecting popular Firefox extensions were disclosed by researchers at Black Hat Asia in Singapore. The reusable vulnerabilities were discovered by Northeastern Univeristy PhD candidate Ahmet ...", "browser_family": [ "firefox" ], "incident_types": [ "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2016-07-lastpass-password-manager-html", "title": "LastPass Bug Lets Hackers Steal All Your Passwords", "date": "2016-07-27", "year": 2016, "url": "http://thehackernews.com/2016/07/lastpass-password-manager.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A critical zero-day flaw has been discovered in the popular cloud password manager LastPass that could allow any remote attacker to compromise your account completely. LastPass is one of the best password manager that also available as a browser extension that automatically fills credentials for you. All you need is to remember one master password to unlock all other passwords of", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2017, "count": 4, "entries": [ { "id": "2017-07-cisco-webex-vulnerability-html", "title": "Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!", "date": "2017-07-17", "year": 2017, "url": "http://thehackernews.com/2017/07/cisco-webex-vulnerability.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A highly critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time in this year, which could allow attackers to remotely execute malicious code on a victim's computer. Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help users connect and", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2017-07-chrome-extention-hacking-adware-html", "title": "Someone Hijacks A Popular Chrome Extension to Push Malware", "date": "2017-07-31", "year": 2017, "url": "http://thehackernews.com/2017/07/chrome-extention-hacking-adware.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Phishers have recently hacked an extension for Google Chrome after compromising the Chrome Web Store account of German developer team a9t9 software and abused to distribute spam messages to unsuspecting users. Dubbed Copyfish, the extension allows users to extract text from images, PDF documents and video, and has more than 37,500 users. Unfortunately, the Chrome extension of Copyfish has", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2017-08-chrome-extension-for-web-developers-html", "title": "Hackers Hijacked Chrome Extension for Web Developers With Over 1 Million Users", "date": "2017-08-03", "year": 2017, "url": "http://thehackernews.com/2017/08/chrome-extension-for-web-developers.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "From past few years, spammers and cyber criminals were buying web extensions from their developers and then updating them without informing their users to inject bulk advertisements into every website user visits in order to generate large revenue. But now they have shifted their business model—instead of investing, spammers have started a new wave of phishing attacks aimed at hijacking", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2017-08-chrome-extension-hacking-html", "title": "8 More Chrome Extensions Hijacked to Target 4.8 Million Users", "date": "2017-08-16", "year": 2017, "url": "http://thehackernews.com/2017/08/chrome-extension-hacking.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Google's Chrome web browser Extensions are under attack with a series of developers being hacked within last one month. Almost two weeks ago, we reported how unknown attackers managed to compromise the Chrome Web Store account of a developer team and hijacked Copyfish extension, and then modified it to distribute spam correspondence to users. Just two days after that incident, some unknown", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2018, "count": 11, "entries": [ { "id": "information-technology-2018-01-500000-chrome-users-fall-prey-to-malicious-extensions-in-google-web-store", "title": "Google Chrome extensions with 500,000 downloads found to be malicious", "date": "2018-01-16", "year": 2018, "url": "https://arstechnica.com/information-technology/2018/01/500000-chrome-users-fall-prey-to-malicious-extensions-in-google-web-store/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "Researchers have uncovered four malicious extensions with more than 500,000 combined downloads from the Google Chrome Web Store, a finding that highlights a key weakness in what’s widely considered to ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "information-technology-2018-01-malicious-chrome-extension-is-next-to-impossible-to-manually-remove", "title": "Malicious Chrome extension is next to impossible to manually remove", "date": "2018-01-19", "year": 2018, "url": "https://arstechnica.com/information-technology/2018/01/malicious-chrome-extension-is-next-to-impossible-to-manually-remove/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "Proving once again that Google Chrome extensions are the Achilles heel of what’s arguably the Internet’s most secure browser, a researcher has documented a malicious add-on that tricks users into ...", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-02-grammar-checking-software-html", "title": "Critical Flaw in Grammarly Spell Checker Could Let Attackers Steal Your Data", "date": "2018-02-06", "year": 2018, "url": "http://thehackernews.com/2018/02/grammar-checking-software.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A critical vulnerability discovered in the Chrome and Firefox browser extension of the grammar-checking software Grammarly inadvertently left all 22 million users' accounts, including their personal documents and records, vulnerable to remote hackers. According to Google Project Zero researcher Tavis Ormandy, who discovered the vulnerability on February 2, the Chrome and Firefox extension of", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-04-adblocker-chrome-extention-html", "title": "Over 20 Million Users Installed Malicious Ad Blockers From Chrome Store", "date": "2018-04-19", "year": 2018, "url": "http://thehackernews.com/2018/04/adblocker-chrome-extention.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "If you have installed any of the below-mentioned Ad blocker extension in your Chrome browser, you could have been hacked. A security researcher has spotted five malicious ad blockers extension in the Google Chrome Store that had already been installed by at least 20 million users. Unfortunately, malicious browser extensions are nothing new. They often have access to everything you do online", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-05-facebook-cryptocurrency-hacking-html", "title": "A New Cryptocurrency Mining Virus is Spreading Through Facebook", "date": "2018-05-01", "year": 2018, "url": "http://thehackernews.com/2018/05/facebook-cryptocurrency-hacking.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "If you receive a link for a video, even if it looks exciting, sent by someone (or your friend) on Facebook messenger—just don't click on it without taking a second thought. Cybersecurity researchers from Trend Micro are warning users of a malicious Chrome extension which is spreading through Facebook Messenger and targeting users of cryptocurrency trading platforms to steal their accounts’", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "information-technology-2018-05-malicious-chrome-extensions-infect-more-than-100000-users-again", "title": "Malicious Chrome extensions infect 100,000-plus users, again", "date": "2018-05-10", "year": 2018, "url": "https://arstechnica.com/information-technology/2018/05/malicious-chrome-extensions-infect-more-than-100000-users-again/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-05-chrome-facebook-malware-html", "title": "7 Chrome Extensions Spreading Through Facebook Caught Stealing Passwords", "date": "2018-05-11", "year": 2018, "url": "http://thehackernews.com/2018/05/chrome-facebook-malware.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Luring users on social media to visit lookalike version of popular websites that pop-up a legitimate-looking Chrome extension installation window is one of the most common modus operandi of cybercriminals to spread malware. Security researchers are again warning users of a new malware campaign that has been active since at least March this year and has already infected more than 100,000 users", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-06-pythonbot-pbot-adware-html", "title": "Python-Based Adware Evolves to Install Malicious Browser Extensions", "date": "2018-06-26", "year": 2018, "url": "http://thehackernews.com/2018/06/pythonbot-pbot-adware.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Security researchers have been warning of a few newly detected variants of python-based adware that are being distributed in the wild not only to inject ads but also found installing malicious browser extensions and hidden cryptocurrency miner into victims' computers. Dubbed PBot, or PythonBot, the adware was first uncovered more than a year ago, but since then the malware has evolved, as its", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-09-mega-file-upload-chrome-extension-html", "title": "Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords", "date": "2018-09-05", "year": 2018, "url": "http://thehackernews.com/2018/09/mega-file-upload-chrome-extension.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for users' cryptocurrency wallets.", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "gadgets-2018-10-google-taking-new-steps-to-prevent-malicious-chrome-extensions", "title": "Google taking new steps to prevent malicious Chrome extensions", "date": "2018-10-02", "year": 2018, "url": "https://arstechnica.com/gadgets/2018/10/google-taking-new-steps-to-prevent-malicious-chrome-extensions/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "Google has announced plans to further restrict Chrome extensions in a bid to crack down on the number of malicious extensions found in the Chrome Web Store. Google has already taken some steps to ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2018-10-google-chrome-extensions-security-html", "title": "Google Announces 5 Major Security Updates for Chrome Extensions", "date": "2018-10-02", "year": 2018, "url": "http://thehackernews.com/2018/10/google-chrome-extensions-security.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Google has made several new announcements for its Chrome Web Store that aims at making Chrome extensions more secure and transparent to its users. Over a couple of years, we have seen a significant rise in malicious extensions that appear to offer useful functionalities, while running hidden malicious scripts in the background without the user's knowledge. However, the best part is that", "browser_family": [ "chrome", "edge" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2019, "count": 5, "entries": [ { "id": "2019-02-24-chrome-extension-activity-tracking-html", "title": "Chrome may help you track rogue browser extensions", "date": "2019-02-24", "year": 2019, "url": "https://www.engadget.com/2019-02-24-chrome-extension-activity-tracking.html", "domain": "engadget.com", "source_name": "Engadget", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aengadget.com+browser+extension+malicious&format=rss", "description": "It won't surprise you to hear that some Chrome extensions behave badly, but how do you spot malicious activity when it isn't always obvious? Google might soon have a way. Techdows has noticed a recent ...", "browser_family": [ "chrome", "edge" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2019-06-evernote-extension-hacking-html", "title": "Critical Flaw Reported in Popular Evernote Extension for Chrome Users", "date": "2019-06-13", "year": 2019, "url": "http://thehackernews.com/2019/06/evernote-extension-hacking.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people taking notes and organize their to-do task lists, and over 4,610,000 users have been using its Evernote Web Clipper Extension for Chrome", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-browser-extensions-used-by-hackers-for-ad-fraud", "title": "Malicious Browser Extensions Used by Hackers for Ad Fraud", "date": "2019-07-18", "year": 2019, "url": "https://www.bleepingcomputer.com/news/security/malicious-browser-extensions-used-by-hackers-for-ad-fraud/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ableepingcomputer.com+browser+extension+malicious&format=rss", "description": "Researchers unearthed a new and highly prolific malware framework used by its creators to generate over one billion fraudulent ad impressions over a time span of just three months. The attackers used ...", "browser_family": [ "chrome", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2019-09-browser-chrome-extension-adblock-html", "title": "Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme", "date": "2019-09-20", "year": 2019, "url": "http://thehackernews.com/2019/09/browser-chrome-extension-adblock.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Two widely used Adblocker Google Chrome extensions, posing as the original — AdBlock and uBlock Origin — extensions on Chrome Web Store, have been caught stuffing cookies in the web browser of millions of users to generate affiliate income from referral schemes fraudulently. There's no doubt web extensions add a lot of useful features to web browsers, making your online experience great and", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2019-12-avast-and-avg-browser-plugins-html", "title": "Avast and AVG Browser Extensions Spying On Chrome and Firefox Users", "date": "2019-12-03", "year": 2019, "url": "http://thehackernews.com/2019/12/avast-and-avg-browser-plugins.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible. Avast Online Security AVG Online Security Avast SafePrice AVG SafePrice Why? Because these four widely installed browser extensions have been caught collecting a lot more data on its millions of users than", "browser_family": [ "chrome", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2020, "count": 10, "entries": [ { "id": "information-technology-2020-01-mozilla-and-google-crack-down-on-malicious-and-abusive-browser-extensions", "title": "More than 200 browser extensions ejected from Firefox and Chrome stores", "date": "2020-01-30", "year": 2020, "url": "https://arstechnica.com/information-technology/2020/01/mozilla-and-google-crack-down-on-malicious-and-abusive-browser-extensions/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "Mozilla and Google are cracking down on malicious and abusive extensions available for the Firefox and Chrome browsers, respectively. The moves come in response to the recent detection of add-ons that ...", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2020-02-chrome-extension-malware-html", "title": "500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users", "date": "2020-02-14", "year": 2020, "url": "http://thehackernews.com/2020/02/chrome-extension-malware.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. These extensions were part of a malvertising and ad-fraud campaign that's been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2020-03-the-case-for-limiting-your-browser-extensions", "title": "The Case for Limiting Your Browser Extensions", "date": "2020-03-02", "year": 2020, "url": "https://krebsonsecurity.com/2020/03/the-case-for-limiting-your-browser-extensions/", "domain": "krebsonsecurity.com", "source_name": "Krebs on Security", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Akrebsonsecurity.com+browser+extension&format=rss", "description": "Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2020-04-chrome-cryptocurrency-extensions-html", "title": "49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets", "date": "2020-04-15", "year": 2020, "url": "http://thehackernews.com/2020/04/chrome-cryptocurrency-extensions.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. The 49 browser add-ons, potentially the work of Russian threat actors, were identified (find the list here) by researchers from MyCrypto and PhishFort. \"Essentially, the extensions", "browser_family": [ "chrome", "edge" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "tens-malicious-chrome-extensions-used-global-surveillance-campaign", "title": "Tens of Malicious Chrome Extensions Used in Global Surveillance Campaign", "date": "2020-06-18", "year": 2020, "url": "https://www.securityweek.com/tens-malicious-chrome-extensions-used-global-surveillance-campaign/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "Malicious Chrome extensions employed in a massive global surveillance campaign have been downloaded by millions before removal, Awake Security reveals. Malicious Chrome extensions employed in a ...", "browser_family": [ "chrome", "chromium" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2020-06-chrome-browser-extensions-spying-html", "title": "Over 100 New Chrome Browser Extensions Caught Spying On Users", "date": "2020-06-22", "year": 2020, "url": "http://thehackernews.com/2020/06/chrome-browser-extensions-spying.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a \"massive global surveillance campaign\" targeting oil and gas, finance, and healthcare sectors. Awake Security, which disclosed the findings late last week, said the malicious browser add-ons were tied back to a single internet domain registrar,", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "gadgets-2020-11-fraudulent-add-ons-infiltrate-the-official-microsoft-edge-store", "title": "Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn", "date": "2020-11-20", "year": 2020, "url": "https://arstechnica.com/gadgets/2020/11/fraudulent-add-ons-infiltrate-the-official-microsoft-edge-store/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "For years, Google and Mozilla have battled to keep abusive or outright malicious browser extensions from infiltrating their official repositories. Now, Microsoft is taking up the fight. Over the past ...", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "information-technology-2020-12-up-to-3-million-devices-infected-by-malware-laced-chrome-and-edge-add-ons", "title": "Up to 3 million devices infected by malware-laced Chrome and Edge add-ons", "date": "2020-12-16", "year": 2020, "url": "https://arstechnica.com/information-technology/2020/12/up-to-3-million-devices-infected-by-malware-laced-chrome-and-edge-add-ons/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "As many as 3 million people have been infected by Chrome and Edge browser extensions that steal personal data and redirect users to ad or phishing sites, a security firm said on Wednesday. In all, ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-malicious-chrome-edge-extensions", "title": "Malicious Chrome and Edge Extensions Affect Millions of Users", "date": "2020-12-16", "year": 2020, "url": "https://www.infosecurity-magazine.com/news/malicious-chrome-edge-extensions/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "Three million Google Chrome and Microsoft Edge users could be at risk of data theft and phishing after researchers discovered malware hidden in multiple browser extensions. At least 28 third-party ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "millions-users-downloaded-28-malicious-chrome-and-edge-extensions", "title": "Millions of Users Downloaded 28 Malicious Chrome and Edge Extensions", "date": "2020-12-17", "year": 2020, "url": "https://www.securityweek.com/millions-users-downloaded-28-malicious-chrome-and-edge-extensions/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "Malware hidden in 28 third-party extensions for Google Chrome and Microsoft Edge redirects users to ads or phishing sites, Avast warned this week. Distributed through official app stores, the ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2021, "count": 5, "entries": [ { "id": "information-technology-2021-02-malicious-chrome-and-edge-add-ons-had-a-novel-way-to-hide-on-3-million-devices", "title": "Malicious Chrome and Edge add-ons had a novel way to hide on 3 million devices", "date": "2021-02-03", "year": 2021, "url": "https://arstechnica.com/information-technology/2021/02/malicious-chrome-and-edge-add-ons-had-a-novel-way-to-hide-on-3-million-devices/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "In December, Ars reported that as many as 3 million people had been infected by Chrome and Edge browser extensions that stole personal data and redirected users to ad or phishing sites. Now, the ...", "browser_family": [ "chrome", "edge" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "malicious-mozilla-firefox-gmail-164263", "title": "Malicious Mozilla Firefox Extension Allows Gmail Takeover", "date": "2021-02-25", "year": 2021, "url": "https://threatpost.com/malicious-mozilla-firefox-gmail/164263/", "domain": "threatpost.com", "source_name": "Threat Post", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=firefox+extension+malicious&format=rss", "description": "The malicious extension, FriarFox, snoops in on both Firefox and Gmail-related data. A newly uncovered cyberattack is taking control of victims’ Gmail accounts, by using a customized, malicious ...", "browser_family": [ "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "article-chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on", "title": "Chinese cyberspies targeted Tibetans with a malicious Firefox add-on", "date": "2021-02-25", "year": 2021, "url": "https://www.zdnet.com/article/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on/", "domain": "zdnet.com", "source_name": "ZDNet", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=firefox+extension+malicious&format=rss", "description": "Chinese state-sponsored hackers have gone after Tibetan organizations across the world using a malicious Firefox add-on that was configured to steal Gmail and Firefox browser data and then download ...", "browser_family": [ "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-firefox-extension-allowed-hackers-to-hijack-gmail-accounts", "title": "Malicious Firefox extension allowed hackers to hijack Gmail accounts", "date": "2021-02-26", "year": 2021, "url": "https://www.bleepingcomputer.com/news/security/malicious-firefox-extension-allowed-hackers-to-hijack-gmail-accounts/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=firefox+extension+malicious&format=rss", "description": "Several Tibetan organizations were targeted in a cyber-espionage campaign by a state-backed hacking group using a malicious Firefox extension designed to hijack Gmail accounts and infect victims with ...", "browser_family": [ "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-safepal-wallet-firefox-add-on-stole-cryptocurrency", "title": "Malicious 'Safepal Wallet' Firefox add-on stole cryptocurrency", "date": "2021-09-27", "year": 2021, "url": "https://www.bleepingcomputer.com/news/security/malicious-safepal-wallet-firefox-add-on-stole-cryptocurrency/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=firefox+extension+malicious&format=rss", "description": "A malicious Firefox add-on named \"Safepal Wallet\" scammed users by emptying out their wallets and lived on the Mozilla add-ons store for seven months. Safepal is a cryptocurrency wallet application ...", "browser_family": [ "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2022, "count": 7, "entries": [ { "id": "2022-07-experts-uncover-350-browser-extension-html", "title": "Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign", "date": "2022-07-08", "year": 2022, "url": "http://thehackernews.com/2022/07/experts-uncover-350-browser-extension.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the \"extensions are installed onto a victim's machine via a Windows-based executable, bypassing most endpoint", "browser_family": [ "chrome", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2022-07-north-korean-hackers-using-malicious-html", "title": "North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts", "date": "2022-07-30", "year": 2022, "url": "http://thehackernews.com/2022/07/north-korean-hackers-using-malicious.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under", "browser_family": [ "chrome", "chromium", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-browser-extensions-targeted-almost-7-million-people", "title": "Malicious browser extensions targeted almost 7 million people", "date": "2022-08-16", "year": 2022, "url": "https://www.bleepingcomputer.com/news/security/malicious-browser-extensions-targeted-almost-7-million-people/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ableepingcomputer.com+browser+extension+malicious&format=rss", "description": "Almost 7 million users have attempted to install malicious browser extensions since 2020, with 70% of those extensions used as adware to target users with advertisements. The most common payloads ...", "browser_family": [], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2022-08-malicious-browser-extensions-targeted-html", "title": "Malicious Browser Extensions Targeted Over a Million Users So Far This Year", "date": "2022-08-17", "year": 2022, "url": "http://thehackernews.com/2022/08/malicious-browser-extensions-targeted.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. \"From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons,\" the company said. As", "browser_family": [ "chrome", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2022-08-experts-find-malicious-cookie-stuffing-html", "title": "Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users", "date": "2022-08-31", "year": 2022, "url": "http://thehackernews.com/2022/08/experts-find-malicious-cookie-stuffing.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit off retail affiliate programs. \"The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website,\" McAfee researchers Oliver Devane and Vallabh Chole&", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-extension-lets-attackers-control-google-chrome-remotely", "title": "Malicious extension lets attackers control Google Chrome remotely", "date": "2022-11-08", "year": 2022, "url": "https://www.bleepingcomputer.com/news/security/malicious-extension-lets-attackers-control-google-chrome-remotely/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ableepingcomputer.com+browser+extension+malicious&format=rss", "description": "A new Chrome browser botnet named 'Cloud9' has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the ...", "browser_family": [ "chrome", "chromium", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2022-11-this-malware-installs-malicious-browser-html", "title": "This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos", "date": "2022-11-22", "year": 2022, "url": "http://thehackernews.com/2022/11/this-malware-installs-malicious-browser.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access website visits, steal credentials and clipboard data, and even swap cryptocurrency addresses via an", "browser_family": [ "brave", "chrome", "chromium", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2023, "count": 9, "entries": [ { "id": "2023-03-fake-chatgpt-chrome-extension-hijacking-html", "title": "Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising", "date": "2023-03-13", "year": 2023, "url": "http://thehackernews.com/2023/03/fake-chatgpt-chrome-extension-hijacking.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. \"By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus,\" Guardio", "browser_family": [ "chrome" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "cyberattacks-data-breaches-malicious-chatgpt-extensions-add-to-google-chrome-woes", "title": "Malicious ChatGPT Extensions Add to Google Chrome Woes", "date": "2023-03-23", "year": 2023, "url": "https://www.darkreading.com/cyberattacks-data-breaches/malicious-chatgpt-extensions-add-to-google-chrome-woes", "domain": "darkreading.com", "source_name": "Dark Reading", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=chrome+extension+malicious&format=rss", "description": "Yet another version of the malicious, Facebook account-stealing ChatGPT browser extension for Google Chrome has emerged, representing a new variant in a campaign affecting thousands of users daily.", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-chrome-extensions-with-75m-installs-removed-from-web-store", "title": "Malicious Chrome extensions with 75M installs removed from Web Store", "date": "2023-06-02", "year": 2023, "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=chrome+extension+malicious&format=rss", "description": "Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million. The ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-malicious-chrome-extensions-you-should-remove-from-your-browser", "title": "Malicious Chrome Extensions You Should Remove from Your Browser | LayerX", "date": "2023-07-15", "year": 2023, "url": "https://layerxsecurity.com/blog/malicious-chrome-extensions-you-should-remove-from-your-browser/", "domain": "layerxsecurity.com", "source_name": "LayerX Security", "source_type": "sitemap", "collector": "https://layerxsecurity.com/sitemap-posts.xml", "description": "Chrome extensions are small software programs that can be added to the Google Chrome web browser to enhance its functionality and customize their browsing experience. They are typically developed by third-party developers and can be found in the Chrome Web Store. But while Chrome extensions offer numerous benefits, they can also pose potential vulnerabilities to […]", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2023-08-new-version-of-rilide-data-theft-html", "title": "New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3", "date": "2023-08-03", "year": 2023, "url": "http://thehackernews.com/2023/08/new-version-of-rilide-data-theft.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. \"It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension Manifest V3, and additional features such as the ability to exfiltrate stolen data to a", "browser_family": [ "chrome", "chromium", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2023-08-google-chromes-new-feature-alerts-users-html", "title": "Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions", "date": "2023-08-18", "year": 2023, "url": "http://thehackernews.com/2023/08/google-chromes-new-feature-alerts-users.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to proactively alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an add-on has been unpublished by a developer, taken down for violating Chrome Web Store policy, or marked", "browser_family": [ "chrome", "chromium" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-chrome-feature-alerts-malicious", "title": "New Chrome Feature Alerts Users About Malicious Extensions", "date": "2023-08-20", "year": 2023, "url": "https://www.infosecurity-magazine.com/news/chrome-feature-alerts-malicious/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "Google has announced an update set to be introduced in Chrome 117. This new feature aims to proactively inform users when an extension they have installed is no longer available on the Chrome Web ...", "browser_family": [ "chrome", "chromium", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-malicious-browser-extensions-threats-and-security-solutions", "title": "Malicious Browser Extensions: Threats and Security Solutions - LayerX", "date": "2023-12-06", "year": 2023, "url": "https://layerxsecurity.com/blog/malicious-browser-extensions-threats-and-security-solutions/", "domain": "layerxsecurity.com", "source_name": "LayerX Security", "source_type": "sitemap", "collector": "https://layerxsecurity.com/sitemap-posts.xml", "description": "In 2019, a network of browser extensions, primarily for Chrome, was revealed to have been scraping sensitive data from as many as four million users. The scraped data included PII, browsing history, medical information, and more. The data was then monetized through a commercialization scheme. This breach became known as the DataSpii incident, and it […]", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "articles-299982-20231222-researchers-discover-malicious-chrome-extensions-disguised-fake-vpn-htm", "title": "Researchers Discover Malicious Chrome Extensions Disguised as Fake VPN", "date": "2023-12-22", "year": 2023, "url": "https://www.techtimes.com/articles/299982/20231222/researchers-discover-malicious-chrome-extensions-disguised-fake-vpn.htm", "domain": "techtimes.com", "source_name": "techtimes", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=chrome+extension+malicious&format=rss", "description": "Cybersecurity researchers at ReasonLabs have discovered the presence of three fake Chrome extensions that are masquerading as VPNs. While it's easier to get fooled by the ads on the internet, the same ...", "browser_family": [ "chrome", "edge" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2024, "count": 9, "entries": [ { "id": "2024-06-kimsuky-using-translatext-chrome-html", "title": "Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data", "date": "2024-06-28", "year": 2024, "url": "http://thehackernews.com/2024/06/kimsuky-using-translatext-chrome.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has codenamed the extension TRANSLATEXT, highlighting its ability to gather email addresses, usernames,", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "articles-24-08-16-banshee-stealer-malware-haunts-browser-extensions-on-macos", "title": "Banshee Stealer malware aims to rob data from macOS browser extensions", "date": "2024-08-16", "year": 2024, "url": "https://appleinsider.com/articles/24/08/16/banshee-stealer-malware-haunts-browser-extensions-on-macos", "domain": "appleinsider.com", "source_name": "AppleInsider", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious+update&format=rss", "description": "Security researchers have discovered a new malware for macOS, which can be used to attack over 100 browser extensions that may be installed on the target Mac. Apple tries hard to make macOS and its ...", "browser_family": [ "brave", "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "tech-new-russian-threat-targets-over-100-apple-macos-browser-extensions", "title": "New Russian threat targets over 100 Apple macOS browser extensions", "date": "2024-08-19", "year": 2024, "url": "https://www.foxnews.com/tech/new-russian-threat-targets-over-100-apple-macos-browser-extensions", "domain": "foxnews.com", "source_name": "Fox News", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+vulnerability&format=rss", "description": "Apple Macs are considered comparatively safer than Windows. This remains true, as in the past few months, we’ve noticed numerous malware and vulnerabilities affecting Windows laptops. However, a ...", "browser_family": [ "brave", "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "cyberhaven-hack-google-chrome-extension", "title": "Cyber startup employee hacked to distribute malicious Chrome extension", "date": "2024-12-26", "year": 2024, "url": "https://therecord.media/cyberhaven-hack-google-chrome-extension", "domain": "therecord.media", "source_name": "The Record", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Atherecord.media+browser+extension+malicious&format=rss", "description": "An unidentified threat actor has compromised an administrative account of a data security startup, using it to distribute a malicious update for its Chrome browser extension. Swiss-founded security ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "technology-cybersecurity-data-loss-prevention-company-cyberhaven-hit-by-breach-statement-says-2024-12-27", "title": "Hackers hijack a wide range of companies' Chrome extensions, experts say", "date": "2024-12-27", "year": 2024, "url": "https://www.reuters.com/technology/cybersecurity/data-loss-prevention-company-cyberhaven-hit-by-breach-statement-says-2024-12-27/", "domain": "reuters.com", "source_name": "Reuters", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+compromised+publisher&format=rss", "description": "Dec 27 - Hackers have compromised several different companies' Chrome browser extensions in a series of intrusions dating back to mid-December, according to one of the victims and experts who have ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2024-12-27-cyberhaven-says-it-was-hacked-to-publish-a-malicious-update-to-its-chrome-extension", "title": "Cyber firm's Chrome extension hijacked to steal user passwords | TechCrunch", "date": "2024-12-27", "year": 2024, "url": "https://techcrunch.com/2024/12/27/cyberhaven-says-it-was-hacked-to-publish-a-malicious-update-to-its-chrome-extension/", "domain": "techcrunch.com", "source_name": "TechCrunch", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+compromised+publisher&format=rss", "description": "Data-loss prevention startup Cyberhaven says hackers published a malicious update to its Chrome extension that was capable of stealing customer passwords and session tokens, according to an email sent ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "cybersecurity-hackers-injected-malicious-code-into-several-chrome-extensions-in-recent-attack-220648155-html", "title": "Hackers injected malicious code into several Chrome extensions in recent attack", "date": "2024-12-29", "year": 2024, "url": "https://www.engadget.com/cybersecurity/hackers-injected-malicious-code-into-several-chrome-extensions-in-recent-attack-220648155.html", "domain": "engadget.com", "source_name": "Engadget", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=chrome+extension+malicious&format=rss", "description": "Hackers were reportedly able to modify several Chrome extensions with malicious code this month after gaining access to admin accounts through a phishing campaign. The cybersecurity company Cyberhaven ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2024-12-16-chrome-extensions-hacked-exposing-html", "title": "Dozens of Chrome Extensions Hacked, Exposing Millions of Users to Data Theft", "date": "2024-12-29", "year": 2024, "url": "http://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "A new attack campaign has targeted known Chrome browser extensions, leading to at least 35 extensions being compromised and exposing over 2.6 million users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2024-12-when-good-extensions-go-bad-takeaways-html", "title": "When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions", "date": "2024-12-30", "year": 2024, "url": "http://thehackernews.com/2024/12/when-good-extensions-go-bad-takeaways.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure (LayerX, one of the companies involved in", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2025, "count": 31, "entries": [ { "id": "news-chrome-browser-extensions-hijacked", "title": "Dozens of Chrome Browser Extensions Hijacked by Data Thieves", "date": "2025-01-01", "year": 2025, "url": "https://www.infosecurity-magazine.com/news/chrome-browser-extensions-hijacked/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+compromised+publisher&format=rss", "description": "Security researchers have warned users of Google Chrome extensions to be on their guard after uncovering a major campaign focused on data theft. At least 36 compromised Chrome extensions have been ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "hackers-target-vpn-ai-extensions-google-chrome-malicious-updates", "title": "Hackers target dozens of VPN and AI extensions for Google Chrome to compromise data", "date": "2025-01-01", "year": 2025, "url": "https://therecord.media/hackers-target-vpn-ai-extensions-google-chrome-malicious-updates", "domain": "therecord.media", "source_name": "The Record", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Atherecord.media+browser+extension+malicious&format=rss", "description": "Cybersecurity researchers have uncovered dozens of attacks that involve malicious updates for Chrome browser extensions, one week after a security firm was compromised in a similar incident. As of ...", "browser_family": [ "chrome" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "security-2025-01-dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices", "title": "Time to check if you ran any of these 33 malicious Chrome extensions", "date": "2025-01-02", "year": 2025, "url": "https://arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/", "domain": "arstechnica.com", "source_name": "Ars Technica", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Aarstechnica.com+browser+extension+malicious&format=rss", "description": "As many of us celebrated the year-end holidays, a small group of researchers worked overtime tracking a startling discovery: At least 33 browser extensions hosted in Google’s Chrome Web Store, some ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "application-security-chrome-extension-compromises-highlight-software-supply-challenges", "title": "Chrome Compromises Highlight Software Supply Challenges", "date": "2025-01-02", "year": 2025, "url": "https://www.darkreading.com/application-security/chrome-extension-compromises-highlight-software-supply-challenges", "domain": "darkreading.com", "source_name": "Dark Reading", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+supply+chain&format=rss", "description": "On Christmas Eve, developers at data detection and response firm Cyberhaven received a troubling email that seemed to come from Google, threatening to remove access to the company's Chrome extension ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "other" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-browser-extensions-are-the-next-frontier-for-identity-attacks", "title": "Malicious Browser Extensions are the Next Frontier for Identity Attacks", "date": "2025-01-07", "year": 2025, "url": "https://www.bleepingcomputer.com/news/security/malicious-browser-extensions-are-the-next-frontier-for-identity-attacks/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "The recent attack campaign targeting browser extensions shows that malicious browser extensions are the next frontier for identity attacks. More than 2.6 million users across thousands of ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-full-browser-device-takeover", "title": "Syncjacking Attack Enables Full Browser and Device Takeover", "date": "2025-01-29", "year": 2025, "url": "https://www.infosecurity-magazine.com/news/full-browser-device-takeover/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "Security researchers have warned of a new attack which could enable malicious extensions to gain full control of a targeted browser and device, with minimal user interaction. SquareX said that, until ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-malicious-chrome-extensions-can-spoof-password-managers-in-new-attack", "title": "Malicious Chrome extensions can spoof password managers in new attack", "date": "2025-03-06", "year": 2025, "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-can-spoof-password-managers-in-new-attack/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "A newly devised \"polymorphic\" attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "polymorphic-extensions-the-silent-data-thieves", "title": "This Browser Hack Can Steal Everything : Polymorphic Extensions", "date": "2025-03-11", "year": 2025, "url": "https://www.geeky-gadgets.com/polymorphic-extensions-the-silent-data-thieves/", "domain": "geeky-gadgets.com", "source_name": "Geeky Gadgets", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+vulnerability&format=rss", "description": "A recent security demonstration has revealed a sophisticated cyberattack targeting browser extensions known as “polymorphic extensions.” These malicious tools exploit the permissions granted to ...", "browser_family": [ "edge" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2025-03-237454-private-keys-may-be-exposed-via-critical-vulnerability-in-switchomega-a-chrome-proxy-switching-extension-report", "title": "Private Keys May Be Exposed Via Critical Vulnerability In SwitchOmega, A Chrome Proxy-Switching Extension - Report | Crowdfund Insider", "date": "2025-03-17", "year": 2025, "url": "https://www.crowdfundinsider.com/2025/03/237454-private-keys-may-be-exposed-via-critical-vulnerability-in-switchomega-a-chrome-proxy-switching-extension-report/", "domain": "crowdfundinsider.com", "source_name": "Crowdfund Insider", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+vulnerability&format=rss", "description": "Blockchain security firm SlowMist released a detailed report exposing a critical vulnerability in SwitchyOmega, a widely used Chrome proxy-switching extension, highlighting its potential to steal ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-security-alert-christmas-day-chrome-extension-compromise", "title": "Security alert: Christmas Day Chrome extension compromise", "date": "2025-03-24", "year": 2025, "url": "https://expel.com/blog/security-alert-christmas-day-chrome-extension-compromise/", "domain": "expel.com", "source_name": "Expel", "source_type": "sitemap", "collector": "https://expel.com/post-sitemap.xml", "description": "BLOG | RAPID RESPONSE Security alert: Christmas Day Chrome extension compromise Subscribe × MktoForms2.loadForm(\"//info.expel.com\", \"986-VWL-068\", 1036); MktoForms2.whenReady(function (form){ //Add an onSuccess handler form.onSuccess(function(values, followUpUrl){ // GTM event for tracking window.dataLayer.push({ \"event\": \"mkto.form.success\", \"mkto.form.values\": values, \"conversionType\": \"subscribe\", \"eventTimeout\": 3000 }); location.href=\"/subscribe-thanks\"; //get the form's jQuery element and hide it...", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2025-05-100-fake-chrome-extensions-found-html", "title": "100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads", "date": "2025-05-20", "year": 2025, "url": "http://thehackernews.com/2025/05/100-fake-chrome-extensions-found.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. \"The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-layerx-reveals-40malicious-browser-extensions", "title": "LayerX Reveals 40+ Malicious Browser Extensions - LayerX", "date": "2025-05-22", "year": 2025, "url": "https://layerxsecurity.com/blog/layerx-reveals-40malicious-browser-extensions/", "domain": "layerxsecurity.com", "source_name": "LayerX Security", "source_type": "sitemap", "collector": "https://layerxsecurity.com/sitemap-posts.xml", "description": "LayerX has identified over 40 malicious browser extensions that are part of three distinct phishing campaigns. The initial detection of this campaign was done by the DomainTools Intelligence (DTI) team, who identified a list of suspicious domains that were communicating with browser extensions masquerading as legitimate brands. However, while the research by DTI provided a […]", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "thousands-of-chrome-extensions-are-tampering-with-security-headers", "title": "Thousands of Chrome extensions are tampering with security headers", "date": "2025-05-24", "year": 2025, "url": "https://therecord.media/thousands-of-chrome-extensions-are-tampering-with-security-headers", "domain": "therecord.media", "source_name": "The Record", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Atherecord.media+browser+extension+malicious&format=rss", "description": "Thousands of Google Chrome extensions available on the official Chrome Web Store are tampering with security headers on popular websites, putting users at risk of a wide range of web-based attacks.", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-18-malicious-chrome-edge-extensions", "title": "18 Malicious Chrome and Edge Extensions Disguise as Everyday Tools", "date": "2025-07-07", "year": 2025, "url": "https://www.infosecurity-magazine.com/news/18-malicious-chrome-edge-extensions/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "A set of 18 malicious browser extensions that are still available to download on Google Chrome and Microsoft Edge have been identified by a team of security researchers at Koi Security. These ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "crypto-roundup-malicious-firefox-extensions-a-28940", "title": "Crypto Roundup: Malicious Firefox Extensions", "date": "2025-07-10", "year": 2025, "url": "https://www.govinfosecurity.com/crypto-roundup-malicious-firefox-extensions-a-28940", "domain": "govinfosecurity.com", "source_name": "HHS", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=firefox+extension+malicious&format=rss", "description": "Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, uncovering 40 malicious crypto Firefox extensions, three sentenced in a Belgium court for ...", "browser_family": [ "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "tech-malicious-browser-extensions-caught-spying-2-million-users", "title": "Malicious browser extensions caught spying on 2 million users", "date": "2025-07-14", "year": 2025, "url": "https://www.foxnews.com/tech/malicious-browser-extensions-caught-spying-2-million-users", "domain": "foxnews.com", "source_name": "Fox News", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "Every day, millions of people install tiny browser add-ons they believe will improve productivity or entertainment. With so many options available on the Chrome Web Store, users often rely on trust ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-layerx-joins-forces-with-google-chrome-enterprise-to-stop-malicious-browser-extensions", "title": "LayerX Joins Forces with Google Chrome Enterprise to Stop Malicious Browser Extensions - LayerX", "date": "2025-07-29", "year": 2025, "url": "https://layerxsecurity.com/blog/layerx-joins-forces-with-google-chrome-enterprise-to-stop-malicious-browser-extensions/", "domain": "layerxsecurity.com", "source_name": "LayerX Security", "source_type": "sitemap", "collector": "https://layerxsecurity.com/sitemap-posts.xml", "description": "We’ve always believed that the browser is the new workspace. And as work increasingly happens inside the browser, it’s no surprise that securing it has become mission-critical. That’s why we’re thrilled to share some big news: LayerX is now officially collaborating with Google Chrome Enterprise to deliver a new level of visibility and control over […]", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "tech-malicious-firefox-extensions-are-draining-crypto-wallets", "title": "Malicious Firefox Extensions Are Draining Crypto Wallets", "date": "2025-08-10", "year": 2025, "url": "https://lifehacker.com/tech/malicious-firefox-extensions-are-draining-crypto-wallets", "domain": "lifehacker.com", "source_name": "Lifehacker", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "Emily Long is a freelance writer based in Salt Lake City. After graduating from Duke University, she spent several years reporting on the federal workforce for Government Executive, a publication of ...", "browser_family": [ "chrome", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-chrome-vpn-extension-spyware", "title": "Legitimate Chrome VPN Extension Turns to Browser Spyware", "date": "2025-08-18", "year": 2025, "url": "https://www.infosecurity-magazine.com/news/chrome-vpn-extension-spyware/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "A popular Google-featured browser extension offering a virtual private network (VPN) service recently turned malicious and is now spying on users’ every move online. Researchers from Koi Security ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2025-08-28-new-research-shows-passkeys-can-hijacked-malicious-extensions", "title": "New research shows passkeys can be hijacked through malicious extensions - SiliconANGLE", "date": "2025-08-28", "year": 2025, "url": "https://siliconangle.com/2025/08/28/new-research-shows-passkeys-can-hijacked-malicious-extensions/", "domain": "siliconangle.com", "source_name": "SiliconANGLE", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+hijacked&format=rss", "description": "A new report out today from browser security company SquareX Ltd. reveals a critical flaw in passkeys, the widely promoted alternative to passwords, that could allow attackers to hijack accounts ...", "browser_family": [ "edge", "opera" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2025-10-131-chrome-extensions-caught-hijacking-html", "title": "131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign", "date": "2025-10-20", "year": 2025, "url": "http://thehackernews.com/2025/10/131-chrome-extensions-caught-hijacking.html", "domain": "thehackernews.com", "source_name": "The Hacker News", "source_type": "feed", "collector": "https://thehackernews.com/feeds/posts/default/-/chrome%20extension?alt=json&max-results=500", "description": "Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users. \"", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "article-4078274-ai-browsers-can-be-abused-by-malicious-ai-sidebar-extensions-report-html", "title": "AI browsers can be abused by malicious AI sidebar extensions: Report", "date": "2025-10-22", "year": 2025, "url": "https://www.computerworld.com/article/4078274/ai-browsers-can-be-abused-by-malicious-ai-sidebar-extensions-report.html", "domain": "computerworld.com", "source_name": "Computerworld", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Acomputerworld.com+browser+extension+malicious&format=rss", "description": "AI browsers may be smart, but they’re not smart enough to block a common threat: Malicious extensions. That’s the conclusion of researchers at SquareX, who on Thursday released a report showing how ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "2025-10-ai-sidebar-spoofing-attack-squarex-uncovers-malicious-extensions-that-impersonate-ai-browser-sidebars-html", "title": "AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions that Impersonate AI Browser Sidebars | NextBigFuture.com", "date": "2025-10-22", "year": 2025, "url": "https://www.nextbigfuture.com/2025/10/ai-sidebar-spoofing-attack-squarex-uncovers-malicious-extensions-that-impersonate-ai-browser-sidebars.html", "domain": "nextbigfuture.com", "source_name": "NextBigFuture", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+hijacked&format=rss", "description": "SquareX released critical research exposing a new class of attack targeting AI browsers. The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar ...", "browser_family": [ "brave", "edge", "firefox", "opera" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "ai-sidebar-spoofing-puts-chatgpt-atlas-perplexity-comet-and-other-browsers-at-risk", "title": "AI Sidebar Spoofing Puts ChatGPT Atlas, Perplexity Comet and Other Browsers at Risk", "date": "2025-10-22", "year": 2025, "url": "https://www.securityweek.com/ai-sidebar-spoofing-puts-chatgpt-atlas-perplexity-comet-and-other-browsers-at-risk/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "Enterprise browser security firm SquareX has demonstrated how malicious browser extensions can impersonate AI sidebar interfaces for phishing and other nefarious purposes. The attack method, named AI ...", "browser_family": [ "brave", "chrome", "edge", "firefox" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-articles-malware-chrome-extension-secretly-siphoned-200102846-html", "title": "Malware Chrome Extension Secretly Siphoned Fees From Solana Traders for Months", "date": "2025-11-27", "year": 2025, "url": "https://www.yahoo.com/news/articles/malware-chrome-extension-secretly-siphoned-200102846.html", "domain": "yahoo.com", "source_name": "Yahoo", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=chrome+extension+malicious&format=rss", "description": "Add Yahoo as a preferred source to see more of our stories on Google. A Chrome extension marketed as a convenient trading tool has been secretly siphoning SOL from users' swaps since last June, ...", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-security-shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign", "title": "ShadyPanda browser extensions amass 4.3M installs in malicious campaign", "date": "2025-12-01", "year": 2025, "url": "https://www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ableepingcomputer.com+browser+extension+malicious&format=rss", "description": "A long-running malware operation known as \"ShadyPanda\" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. The operation, ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "article-4099453-newly-discovered-malicious-extensions-could-be-lurking-in-enterprise-browsers-2-html", "title": "Newly discovered malicious extensions could be lurking in enterprise browsers", "date": "2025-12-01", "year": 2025, "url": "https://www.computerworld.com/article/4099453/newly-discovered-malicious-extensions-could-be-lurking-in-enterprise-browsers-2.html", "domain": "computerworld.com", "source_name": "Computerworld", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "Once-trusted Chrome and Edge add-ons have quietly turned into tools for data harvesting, search manipulation, and a remote-execution backdoor affecting more than 4.3 million users. A sprawling ...", "browser_family": [ "chrome", "edge" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "chrome-edge-extensions-caught-tracking-users-creating-backdoors", "title": "Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors", "date": "2025-12-01", "year": 2025, "url": "https://www.securityweek.com/chrome-edge-extensions-caught-tracking-users-creating-backdoors/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access. A threat actor has published over a hundred malicious ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-malicious-vs-code-extensions", "title": "Malicious VS Code Extensions Deploy Advanced Infostealer", "date": "2025-12-08", "year": 2025, "url": "https://www.infosecurity-magazine.com/news/malicious-vs-code-extensions/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...", "browser_family": [ "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-malicious-browser-extensions-hit-4-220052162-html", "title": "Malicious browser extensions hit 4.3M users", "date": "2025-12-10", "year": 2025, "url": "https://www.aol.com/news/malicious-browser-extensions-hit-4-220052162.html", "domain": "aol.com", "source_name": "AOL", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "A long-running malware campaign quietly evolved over several years and turned trusted Chrome and Edge extensions into spyware. A detailed report from Koi Security reveals that the ShadyPanda operation ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-introducing-the-tactics-techniques-matrix-for-malicious-browser-extensions", "title": "Introducing the Tactics & Techniques Matrix for Malicious Browser Extensions - LayerX", "date": "2025-12-14", "year": 2025, "url": "https://layerxsecurity.com/blog/introducing-the-tactics-techniques-matrix-for-malicious-browser-extensions/", "domain": "layerxsecurity.com", "source_name": "LayerX Security", "source_type": "sitemap", "collector": "https://layerxsecurity.com/sitemap-posts.xml", "description": "Most of us rely on browser extensions every day, often without thinking about it. They make online work faster and easier by saving passwords, blocking ads, translating text, managing notes, or connecting our favorite-web apps together. For many organizations, extensions have also become a practical replacement for traditional desktop software. As endpoint malware grew […]", "browser_family": [ "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] }, { "year": 2026, "count": 21, "entries": [ { "id": "tech-browser-extension-malware-infected-8-8m-users-darkspectre-attack", "title": "Browser extension malware infected 8.8M users in DarkSpectre attack", "date": "2026-01-06", "year": 2026, "url": "https://www.foxnews.com/tech/browser-extension-malware-infected-8-8m-users-darkspectre-attack", "domain": "foxnews.com", "source_name": "Fox News", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+compromised+publisher&format=rss", "description": "Browser extensions promise convenience. Many offer simple tools like new tab pages, translators or video helpers. Researchers, however, uncovered a long-running malware operation that abused that ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "chrome-extensions-with-900000-downloads-caught-stealing-ai-chats", "title": "Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats", "date": "2026-01-06", "year": 2026, "url": "https://www.securityweek.com/chrome-extensions-with-900000-downloads-caught-stealing-ai-chats/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "Impersonating a legitimate extension from AITOPIA, the two malicious extensions were also exfiltrating users’ browser activity. The applications, called ‘Chat GPT for Chrome with GPT-5, Claude Sonnet ...", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "article-news-900k-users-chrome-extensions-steal-chatgpt-deepseek-chats", "title": "900K Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats", "date": "2026-01-06", "year": 2026, "url": "https://www.techrepublic.com/article/news-900k-users-chrome-extensions-steal-chatgpt-deepseek-chats/", "domain": "techrepublic.com", "source_name": "TechRepublic", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Atechrepublic.com+browser+extension+malicious&format=rss", "description": "900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats Your email has been sent OX Security researchers found that more than 900,000 Chrome ...", "browser_family": [ "chrome" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-browser-extensions-gone-rogue-the-full-scope-of-the-ghostposter-campaign", "title": "Browser Extensions Gone Rogue: The Full Scope of the GhostPoster Campaign - LayerX", "date": "2026-01-15", "year": 2026, "url": "https://layerxsecurity.com/blog/browser-extensions-gone-rogue-the-full-scope-of-the-ghostposter-campaign/", "domain": "layerxsecurity.com", "source_name": "LayerX Security", "source_type": "sitemap", "collector": "https://layerxsecurity.com/sitemap-posts.xml", "description": "Last month, researchers at Koi Security published a detailed analysis of a malicious Firefox extension they dubbed GhostPoster – a browser-based malware leveraging an uncommon and stealthy payload delivery method: steganography within a PNG icon file. This innovative approach allowed the malware to evade traditional extension security reviews and static analysis tools. Following their […]", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": "Seeded from existing post slideshow" }, { "id": "news-security-malicious-ghostposter-browser-extensions-found-with-840-000-installs", "title": "Malicious GhostPoster browser extensions found with 840,000 installs", "date": "2026-01-17", "year": 2026, "url": "https://www.bleepingcomputer.com/news/security/malicious-ghostposter-browser-extensions-found-with-840-000-installs/", "domain": "bleepingcomputer.com", "source_name": "Bleeping Computer", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ableepingcomputer.com+browser+extension+malicious&format=rss", "description": "Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. The ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "malicious-chrome-extension-crashes-browser-in-clickfix-variant-crashfix", "title": "Malicious Chrome Extension Crashes Browser in ClickFix Variant 'CrashFix'", "date": "2026-01-18", "year": 2026, "url": "https://www.securityweek.com/malicious-chrome-extension-crashes-browser-in-clickfix-variant-crashfix/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "A fresh variant of the ClickFix attack relies on a malicious Chrome extension to display a security warning and lure victims into executing unwanted commands to install malware, Huntress reports.", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "pro-security-more-malicious-browser-extensions-uncovered-chrome-firefox-and-edge-all-affected", "title": "Beware- over 840,000 malicious browser extensions uncovered", "date": "2026-01-18", "year": 2026, "url": "https://www.techradar.com/pro/security/more-malicious-browser-extensions-uncovered-chrome-firefox-and-edge-all-affected?amp;_bhlid=d94bbc114e30bf84376e1fbb1c843a2d258df5ef", "domain": "techradar.com", "source_name": "TechRadar", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=chrome+extension+malicious&format=rss", "description": "Security researchers LayerX have discovered 17 extensions for Chrome, Firefox, and Edge browsers which monitored people’s internet activity and installed backdoors for persistent access. In total, the ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "articles-one-17-browser-extensions-could-175544241-html", "title": "Do you have one of these 17 browser extensions? They could be tracking your browsing history.", "date": "2026-01-22", "year": 2026, "url": "https://www.aol.com/articles/one-17-browser-extensions-could-175544241.html", "domain": "aol.com", "source_name": "AOL", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+hijacked&format=rss", "description": "You might have a dangerous browser extension monitoring your browser history and not even know it. The Koi Security researchers originally identified 17 malicious ...", "browser_family": [ "chrome", "edge", "firefox" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "news-malicious-google-chrome-extensions-hijack-161709118-html", "title": "Malicious Google Chrome extensions hijack accounts", "date": "2026-01-25", "year": 2026, "url": "https://www.aol.com/news/malicious-google-chrome-extensions-hijack-161709118.html", "domain": "aol.com", "source_name": "AOL", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+malicious&format=rss", "description": "Cybersecurity researchers have uncovered a serious threat hiding inside Google Chrome. Several browser extensions pretend to be helpful tools. In reality, they quietly take over user accounts. These ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-small-tools-big-risk-when-browser-extensions-start-stealing-api-keys", "title": "Small Tools, Big Risk: When Browser Extensions Start Stealing API Keys", "date": "2026-01-27", "year": 2026, "url": "https://www.obsidiansecurity.com/blog/small-tools-big-risk-when-browser-extensions-start-stealing-api-keys", "domain": "obsidiansecurity.com", "source_name": "Obsidian Security", "source_type": "manual-seed", "collector": "manual", "description": "Background Last week, Obsidian Security published a customer advisory detailing a malicious browser extension that was actively stealing OpenAI API keys. That advisory focused on immediate risk and recommended actions for impacted organizations. This post is the technical write-up behind that advisory. It details how the extension operated, how API keys were exfiltrated, and why browser extensions remain an effective (and often overlooked) attack vector for data leakage. We also expand beyond the initial incident to examine a broader pattern of extensions that are at best misleading and at worst malicious.", "browser_family": [ "chrome", "opera" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "AI-extension theft dataset anchor" }, { "id": "news-fake-ai-assistants-google-chrome", "title": "Fake AI Assistants in Google Chrome Web Store Steal Passwords", "date": "2026-02-12", "year": 2026, "url": "https://www.infosecurity-magazine.com/news/fake-ai-assistants-google-chrome/", "domain": "infosecurity-magazine.com", "source_name": "Infosecurity-magazine.com", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Ainfosecurity-magazine.com+browser+extension+malicious&format=rss", "description": "Over 260,000 Google Chrome users have downloaded fake AI assistants designed to deliver malicious browser extensions which can steal login credentials, monitor emails and enable remote access by ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "over-300-malicious-chrome-extensions-caught-leaking-or-stealing-user-data", "title": "Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data", "date": "2026-02-13", "year": 2026, "url": "https://www.securityweek.com/over-300-malicious-chrome-extensions-caught-leaking-or-stealing-user-data/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "With more than 37 million combined downloads, the extensions expose users to tracking and personal information theft. Security researchers have discovered more than 300 Chrome extensions that leak ...", "browser_family": [ "chrome", "edge", "firefox", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "500000-vkontakte-accounts-hijacked-chrome-extensions", "title": "Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions", "date": "2026-02-15", "year": 2026, "url": "https://therecord.media/500000-vkontakte-accounts-hijacked-chrome-extensions", "domain": "therecord.media", "source_name": "The Record", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Atherecord.media+browser+extension+malicious&format=rss", "description": "Cybersecurity researchers have uncovered a malware campaign that reportedly hijacked half a million accounts on VKontakte — Russia’s most popular social network — through Google Chrome browser ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "vulnerability-allowed-hijacking-chromes-gemini-live-ai-assistant", "title": "Vulnerability Allowed Hijacking Chrome's Gemini Live AI Assistant", "date": "2026-03-01", "year": 2026, "url": "https://www.securityweek.com/vulnerability-allowed-hijacking-chromes-gemini-live-ai-assistant/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "A vulnerability in Chrome could have allowed malicious extensions to hijack the browser’s AI assistant to spy on users and exfiltrate data, Palo Alto Networks reports. Chrome’s side panel AI assistant ...", "browser_family": [ "chrome", "edge", "opera" ], "incident_types": [ "ai-related", "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "article-news-compromised-chrome-extension-malware-crypto-theft", "title": "Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets", "date": "2026-03-02", "year": 2026, "url": "https://www.techrepublic.com/article/news-compromised-chrome-extension-malware-crypto-theft/?email_hash=0d7a7050906b225db2718485ca0f3472", "domain": "techrepublic.com", "source_name": "TechRepublic", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+hijacked&format=rss", "description": "A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases. Image: madedee/Adobe A once-trusted Chrome ...", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension", "supply-chain" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "critical-flaw-in-claude-chrome-extension-allowed-malicious-prompt-injection", "title": "Critical Flaw in Claude Chrome Extension Can Allow Silent Malware", "date": "2026-03-27", "year": 2026, "url": "https://www.techjuice.pk/critical-flaw-in-claude-chrome-extension-allowed-malicious-prompt-injection/", "domain": "techjuice.pk", "source_name": "TechJuice", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=browser+extension+vulnerability&format=rss", "description": "Claude extension flaw allowed zero click attacks, letting hackers inject commands and access sensitive user data.", "browser_family": [ "chrome" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "new-deepload-malware-dropped-in-clickfix-attacks", "title": "New DeepLoad Malware Dropped in ClickFix Attacks", "date": "2026-04-01", "year": 2026, "url": "https://www.securityweek.com/new-deepload-malware-dropped-in-clickfix-attacks/", "domain": "securityweek.com", "source_name": "SecurityWeek", "source_type": "bing-news-rss", "collector": "https://www.bing.com/news/search?q=site%3Asecurityweek.com+browser+extension+malicious&format=rss", "description": "The new DeepLoad malware has been distributed in ClickFix attacks to steal user credentials and install a rogue browser extension.", "browser_family": [ "chrome", "opera" ], "incident_types": [ "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "blog-browser-extensions-mining-data-49829", "title": "Kaspersky official blog", "date": "2026-04-10", "year": 2026, "url": "https://www.kaspersky.com/blog/browser-extensions-mining-data/49829/", "domain": "kaspersky.com", "source_name": "Kaspersky", "source_type": "manual-seed", "collector": "manual", "description": "wi-fi AirSnitch: attacking Wi-Fi client isolation and guest networks How the AirSnitch vulnerability family threatens corporate networks, and what changes you need to make to your network architecture and settings to stay protected. Stan Kaminsky April 10, 2026", "browser_family": [], "incident_types": [ "vulnerability" ], "seeded": true, "extension_related": true, "incident_like": true, "note": "Known browser-extension incident roundup" }, { "id": "labs-critical-vulnerability-discovered-in-evernotes-chrome-extension", "title": "Critical Vulnerability Discovered in Evernote’s Chrome Extension", "date": "2026-04-12", "year": 2026, "url": "https://guard.io/labs/critical-vulnerability-discovered-in-evernotes-chrome-extension", "domain": "guard.io", "source_name": "Guardio Labs", "source_type": "sitemap", "collector": "https://guard.io/sitemap.xml", "description": "Support For Business Pricing About Start for Free Login Start for Free Labs Critical Vulnerability Discovered in Evernote’s Chrome Extension Avihay Kain Ido Schachter March 1, 2022 • 5 min read Table of Contents Heading 2 TLDR In May 2019 Guardio’s research team has discovered a critical vulnerability in Evernote Web Clipper for Chrome. A logical coding error made it is possible to break domain-isolation mechanisms and execute code on behalf of the user — granting access to sensitive user information not limited to Evernote’s domain. Financials, social media, personal emails, and more are all natural targets.", "browser_family": [ "chrome" ], "incident_types": [ "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "labs-crossbarking-exploiting-a-0-day-opera-vulnerability-with-a-cross-browser-extension-store-attack", "title": "“CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack", "date": "2026-04-12", "year": 2026, "url": "https://guard.io/labs/crossbarking-exploiting-a-0-day-opera-vulnerability-with-a-cross-browser-extension-store-attack", "domain": "guard.io", "source_name": "Guardio Labs", "source_type": "sitemap", "collector": "https://guard.io/sitemap.xml", "description": "Support For Business Pricing About Start for Free Login Start for Free Labs “CrossBarking” Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack Nati Tal October 30, 2024 • 14 min read Table of Contents Heading 2 TLDR Guardio Labs has uncovered and fully disclosed a serious vulnerability in the Opera browser that allows malicious extensions to gain full access to permissive Private APIs, enabling actions like screen capturing, browser setting modifications, and account hijacking .", "browser_family": [ "chrome", "chromium", "edge", "opera" ], "incident_types": [ "malicious-extension", "vulnerability" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null }, { "id": "labs-fakegpt-new-variant-of-fake-chatgpt-chrome-extension-stealing-facebook-ad-accounts-with", "title": "“FakeGPT”: New Variant of Fake-ChatGPT Chrome Extension Stealing Facebook Ad Accounts with Thousands of Daily Installs", "date": "2026-04-12", "year": 2026, "url": "https://guard.io/labs/fakegpt-new-variant-of-fake-chatgpt-chrome-extension-stealing-facebook-ad-accounts-with", "domain": "guard.io", "source_name": "Guardio Labs", "source_type": "sitemap", "collector": "https://guard.io/sitemap.xml", "description": "Support For Business Pricing About Start for Free Login Start for Free Labs “FakeGPT” New Variant of Fake-ChatGPT Chrome Extension Stealing Facebook Ad Accounts with Thousands of Daily Installs Nati Tal March 8, 2023 • 8 min read Update: March 22, 2023 — Guardio Labs discovered another variant in this FakeGPT campaign, abusing open-source code and yet again hijacking Facebook profiles — read about it here . Update: March 9, 2023 — Following Guardio’ s report regarding this malicious extension to Google, the extension is now removed from Chrome’s store.", "browser_family": [ "chrome", "opera" ], "incident_types": [ "ai-related", "malicious-extension" ], "seeded": false, "extension_related": true, "incident_like": true, "note": null } ] } ] }