Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input
Researchers have found a Chrome extension that can act on the user’s behalf by using a popular AI agent orchestration protocol
Stay updated with the latest Chrome security features, vulnerabilities, and updates to safeguard your information online.
Search across headline titles and summaries.
Background for this topic.
Chrome is a web browser that processes and displays web content, executing complex web applications through its rendering engine and JavaScript runtime. Its architecture includes sandboxing techniques to isolate web pages and extensions, limiting their ability to affect the underlying system. Chrome’s extension framework allows third-party add-ons, which can introduce security risks if they request excessive permissions or contain malicious code.
Security concerns focus on vulnerabilities in Chrome’s engine or sandbox that could enable remote code execution or privilege escalation. Malicious or compromised extensions may access sensitive data or inject harmful scripts, making permission management critical. Timely patching of browser updates and monitoring for zero-day exploits are essential to maintain security, while features like site isolation help contain attacks originating from compromised web content or extensions. Understanding these aspects is key for protecting users from browser-based threats.
Researchers have found a Chrome extension that can act on the user’s behalf by using a popular AI agent orchestration protocol
Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative
Chrome will keep third-party cookies, a loss for privacy but a win for web ad rivals After six years of work, Google's Privacy Sandbox, technology for delivering ads while protecting privacy, looks like dust in the wind.…
A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. [...]