Latest Extensions news

YouTube tests harder-to-block server-side ad injection in videos

YouTube reportedly now injects ads directly into video streams to make it more difficult for ad blockers to block advertisements.
- Bill Toulas
- June 13, 2024
- 10:42 AM
- 11
Malicious VSCode extensions with millions of installs discovered

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.
- Bill Toulas
- June 09, 2024
- 10:22 AM
- 7
Fake VPN Chrome extensions force-installed 1.5 million times

Three malicious Chrome extensions posing as VPN (Virtual Private Networks) infected were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers.
- Bill Toulas
- December 22, 2023
- 08:30 AM
- 0
Chrome extensions can steal plaintext passwords from websites

A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code.
- Bill Toulas
- September 02, 2023
- 11:04 AM
- 6
Malicious Chrome extensions with 75M installs removed from Web Store

Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million.
- Bill Toulas
- June 02, 2023
- 09:19 AM
- 5
VSCode Marketplace can be abused to host malicious extensions

Threat analysts at AquaSec have experimented with the security of VSCode Marketplace and found that it's surprisingly easy to upload malicious extensions from accounts that appear verified on the platform.
- Bill Toulas
- January 06, 2023
- 02:11 PM
- 0
Malicious extension lets attackers control Google Chrome remotely

A new Chrome browser botnet named 'Cloud9' has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim's browser in DDoS attacks.
- Bill Toulas
- November 08, 2022
- 04:37 PM
- 2
Chrome extensions with 1.4 million installs steal browsing data

Threat analysts at McAfee found five Google Chrome extensions that track users' browsing activity. Collectively, the extensions have been downloaded more then 1.4 million times.
- Bill Toulas
- August 30, 2022
- 11:11 AM
- 3
Cyberspies use Google Chrome extension to steal emails undetected

A North Korean-backed threat group tracked as Kimsuky is using a malicious browser extension to steal emails from Google Chrome or Microsoft Edge users reading their webmail.
- Sergiu Gatlan
- July 28, 2022
- 11:10 AM
- 0
Microsoft Exchange servers increasingly hacked with IIS backdoors

Microsoft says attackers increasingly use malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers as they have lower detection rates compared to web shells.
- Sergiu Gatlan
- July 26, 2022
- 02:01 PM
- 0
Chrome browser extension lets you remove specific sites from search results

The uBlackList browser extension lets you clean up search results by removing specific sites when searching on Google, DuckDuckGo, Bing, and other search engines.
- Lawrence Abrams
- June 18, 2022
- 11:50 AM
- 8
BlueNoroff hackers steal crypto using fake MetaMask extension

The North Korean threat actor group known as 'BlueNoroff' has been spotted targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions.
- Bill Toulas
- January 13, 2022
- 03:14 PM
- 0
Malicious 'Safepal Wallet' Firefox add-on stole cryptocurrency

A malicious Firefox add-on named "Safepal Wallet" lived on the Mozilla add-ons site for seven months and scammed users by emptying out their wallets. Safepal is a cryptocurrency wallet application capable of securely storing a variety of crypto assets, including Bitcoin, Ethereum, and Litecoin.
- Ax Sharma
- September 27, 2021
- 07:21 AM
- 0
Google, Microsoft, and Mozilla work together on better browser extensions

Google, Microsoft, Apple, and Mozilla have launched the WebExtensions Community Group (WECG) to collaborate on standardizing browser extensions to enhance both security and performance.
- Sergiu Gatlan
- June 06, 2021
- 10:30 AM
- 5
Google Chrome now warns you of extensions from untrusted devs

Google has added new protection capabilities for Enhanced Safe Browsing users in Chrome, warning them when installing untrusted extensions and allowing them to request more in-depth scans of downloaded files.
- Sergiu Gatlan
- June 03, 2021
- 01:11 PM
- 0
Google Chrome fix released for worldwide crashes on Windows 10, Linux

Google has released a minor Google Chrome update that fixes the worldwide browser crashes occurring since Thursday on Windows 10 and Linux.
- Lawrence Abrams
- May 23, 2021
- 04:44 PM
- 0
Google Chrome is crashing worldwide on Windows 10 PCs, how to fix

Google Chrome has suddenly started crashing yesterday for many Windows users worldwide making the browser unusable.
- Lawrence Abrams
- May 21, 2021
- 10:16 AM
- 14
Malicious extension abuses Chrome sync to steal users’ data

The Google Chrome Sync feature can be abused by threat actors to harvest information from compromised computers using maliciously-crafted Chrome browser extensions.
- Sergiu Gatlan
- February 05, 2021
- 03:14 PM
- 0
Malicious Chrome, Edge extensions with 3M installs still in stores

Malicious Chrome and Edge browser extensions with over 3 million installs, most of them still available on the Chrome Web Store and the Microsoft Edge Add-ons portal, are capable of stealing users' info and redirecting them to phishing sites.
- Sergiu Gatlan
- December 16, 2020
- 05:04 PM
- 1
Firefox 80 released with new and faster extensions blocklist

Mozilla has released Firefox 80 today, August 25th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with new features, bug fixes, changes, enterprise improvements, and several security fixes.
- Sergiu Gatlan
- August 25, 2020
- 01:05 PM
- 2