Published through five accounts, the extensions appear part of a coordinated campaign based on shared C&C infrastructure.
The post 100 Chrome Extensions Steal User Data, Create Backdoor appeared first on SecurityWeek.
Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant
Malicious extensions could hijack the Gemini Live in Chrome feature to spy on users and steal their files.
The post Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant appeared first on SecurityWeek.
Chrome, Edge Extensions Caught Stealing ChatGPT Sessions
Marketed as ChatGPT enhancement and productivity tools, the extensions allow the threat actor to access the victim’s ChatGPT data.
The post Chrome, Edge Extensions Caught Stealing ChatGPT Sessions appeared first on SecurityWeek.
Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats
Impersonating a legitimate extension from AITOPIA, the two malicious extensions were also exfiltrating users’ browser activity.
The post Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats appeared first on SecurityWeek.
Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors
The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access.
The post Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors appeared first on SecurityWeek.
New Firefox Extensions Required to Disclose Data Collection Practices
All new extensions will be required to declare their data collection practices in their manifest file using a specific key.
The post New Firefox Extensions Required to Disclose Data Collection Practices appeared first on SecurityWeek.
Passkey Login Bypassed via WebAuthn Process Manipulation
Researchers at enterprise browser security firm SquareX showed how an attacker can impersonate a user and bypass passkey security.
The post Passkey Login Bypassed via WebAuthn Process Manipulation appeared first on SecurityWeek.
Browser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive Data
LayerX has disclosed an AI chatbot hacking method via web browser extensions it has named ‘man-in-the-prompt’.
The post Browser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive Data appeared first on SecurityWeek.
