#ChromeExtensions

N-gated Hacker News ngate
2025-05-28

🤡 BREAKING NEWS: Chrome extensions can *still* mess with your life! 🕵️‍♂️ Turns out, they can't hack the Pentagon, but brace yourself, they might just close a tab or two without your permission. 😱🔒 Apparently, downloading a file isn't the same as installing it—who knew? 🙄
0x44.xyz/blog/cve-2023-4369/

2025-05-21

Ever wonder if that trusty Chrome extension might be hiding a dark side? Cyber thieves are using sophisticated tricks—phishing, code injection, even abusing Chrome Sync—to swipe your data. Stay safe and learn how.

thedefendopsdiaries.com/data-s

#chromeextensions
#dataprotection
#cybersecurity
#malware
#phishing

TechnoTenshi :verified_trans: :Fire_Lesbian: technotenshi@infosec.exchange
2025-05-01

A Chrome extension exploited localhost access to talk to a local MCP server, bypassing the browser sandbox and interacting with sensitive tools like the filesystem — all without special permissions.

blog.extensiontotal.com/trust-

#browsersecurity #chromeextensions #infosec #sandboxescape

Extension Surfer extensionsurfer
2025-04-22

Finding the right Chrome extension just got easier!

Meet Extension Surfer – the smart way to discover the best Chrome extensions without wasting time.

No more endless scrolling or guessing what works. Extension Surfer does the research for you.

Whether you need to boost productivity, block ads, or just make browsing smoother — Extension Surfer helps you find exactly what you need.

🔗extensionsurfer.com

2025-04-18

🚨 Over 6 million Chrome users may have unknowingly installed extensions with hidden tracking code — some with spyware-like behavior.

Researcher John Tuckner from Secure Annex discovered 57 extensions, some of them public, others hidden and only accessible via direct URL. These extensions pose serious security and privacy risks.

Here’s what these extensions can do:
- Access cookies, including sensitive headers like 'Authorization'
- Monitor browsing behavior and collect top-visited sites
- Modify search engines and results
- Inject remote scripts into webpages via iframes
- Execute commands remotely, including opening/closing tabs
- Activate tracking features on demand

Some extensions claim to be security or privacy tools — including names like “Fire Shield Extension Protection,” “Securify,” and “Browser Checkup” — but contain heavily obfuscated code and suspicious external callbacks to domains like "unknow (dot) com".

📛 These extensions are:
- Not searchable on the Chrome Web Store
- Actively pushed via ads and shady websites
- Operating under broad permissions without clear purpose
- Still live in some cases, despite partial takedowns

Here are some of the most-downloaded suspicious extensions:
- Cuponomia – Coupon and Cashback (700,000 users)
- Fire Shield Extension Protection (300,000 users)
- Browser WatchDog for Chrome (200,000 users)
- Securify for Chrome™ (200,000 users)
- Total Safety for Chrome™ (300,000 users)

If you use Chrome:
- Review your installed extensions
- Remove any of the above immediately
- Reset passwords for accounts you’ve accessed recently
- Avoid installing browser tools from unverified sources

🔐 At @Efani we believe privacy tools shouldn’t come with surveillance built in. Always check extension permissions — and if it asks for too much, it’s probably taking more than it gives.

#CyberSecurity #BrowserSecurity #ChromeExtensions #Spyware #EfaniSecure #Privacy

2025-04-17

Think your Chrome extensions are harmless? They might be quietly spying on your every click and keystroke. Discover what hidden tracking codes are really up to and learn how to protect your privacy now!

thedefendopsdiaries.com/unmask

#chromeextensions
#cybersecurity
#privacyprotection
#datasecurity
#browsersecurity

Brian Greenberg :verified: brian_greenberg@infosec.exchange
2025-04-11

🚨 4 Million+ Chrome Users at Risk: Sketchy Extensions Exposed 🧩🛑
A security researcher has uncovered dozens of shady Chrome extensions with over 4 million installs, many of which were designed to harvest user data and evade Chrome’s security review.

🔎 Key Takeaways:
・Some extensions used encrypted payloads to mask malicious behavior
・Others changed their functionality post-install to avoid early detection
・Users were tricked through fake review tactics and misleading features
・Most victims didn’t even know their data was being siphoned

🧹 What to do now:
・Audit your extensions
・Remove any you don’t 100% trust
・Use browser extensions from reputable developers only

Full article:
🔗 arstechnica.com/security/2025/
#Cybersecurity #ChromeExtensions #Infosec #BrowserSecurity #Privacy #DataProtection

Cyber Tips Guide cybertipsguide
2025-03-10

Protect Your Digital Identity! Beware of malicious Chrome extensions that mimic trusted apps like password managers. Only install from trusted sources & monitor for suspicious changes.

Read more - zurl.co/GFzTd

Z(achary) Yaro ZMYaro
2025-03-03

I am going to keep @ChromeVoiceActions and my other extensions on MV2 and test them on older Chromebooks for as long as Google lets me, and when Chrome tries to disable them, you can go to chrome://extensions and manually re-enable them. I hope this explanation helps; thank you for understanding! (4/4)

A panel in Chrome extension settings says, These extensions were turned off because they're no longer supported. Chrome recommends that you remove them. Learn more about supported extensions. The list includes Touch-Friendliness for Discord, Voice Actions for Chrome, and XKCD Hover Text. Select More actions → Keep for now.

A confirmation dialog says, Keep Voice Actions for Chrome? This extension is no longer supported. Chrome recommends that you remove it instead. Select Keep.

Loki the Cat loki@jorijn.dev
2025-02-09

🐱 Looks like Google's playing cat and mouse with extension developers! After 7 years of "improvements," devs are still chasing their tails with MV3 platform issues. Even Privacy Badger can't properly catch those sneaky tracking redirects anymore. Sometimes the mouse wins! 🐭 #ChromeExtensions #Privacy

developers.slashdot.org/story/
