Security news aggregator

Latest coverage for Browser Extension

Stay secure online with the latest browser extension updates, reviews, and threat alerts in information security. Protect your data with us.

55 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Browser extensions are small software add-ons that enhance or modify web browser functionality, such as blocking ads, managing passwords, or customizing page content. They operate within the browser environment and often require explicit permissions to access user data, browsing activity, or webpage content. Extensions are typically installed from official browser stores or third-party sources.

From a security perspective, extensions can pose risks if granted excessive permissions or sourced from untrusted developers. Malicious or compromised extensions may intercept sensitive information, inject harmful scripts into web pages, or enable tracking beyond normal browser capabilities. Security practitioners should carefully evaluate extension permissions, restrict installations to trusted sources, and ensure timely updates to mitigate risks related to data leakage, unauthorized access, or persistent browser compromise.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 55

A flaw in Anthropic's Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions by simulating user clicks, potentially allowing it to abuse Claude's access to connected services such as Gmail, Google Docs, Google Calendar, and Salesforce. [...]

Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user's credentials and sending them to an attacker

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox

Bank Info Security 6 months, 3 weeks ago

Urban VPN Proxy Spies on AI Chatbot Conversations

Browser Tools Capture Chatbot Data, Sell to Data Broker: Koi SecurityA browser extension promising a free clientless VPN for Chrome users has been harvesting conversations from artificial intelligence chatbot platforms and selling the data to third-party brokers. The data collection operates independently of the VPN functionality itself.

A Google Chrome extension with a "Featured" badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity

And some are still active in the Microsoft Edge store A seven-year malicious browser extension campaign infected 4.3 million Google Chrome and Microsoft Edge users with malware, including backdoors and spyware sending people's data to servers in China. And, according to Koi researchers, five of the extensions with more than 4 million installs are still live in the Edge marketplace.…

Loading more headlines...