MUO on MSN

Your browser extensions can see every password you type

Your trusted extension/add-on with over 100k review might be spying on you.
Make Tech Easier

Malware Ridden Fake CAPTCHAs Make Me Hate CAPTCHAs Even More

Is that CAPTCHA you just encountered real? Find out how fake CAPTCHAs are installing hidden malware and how to stay safe.

Fake AI Chrome extensions with 300K users steal credentials, emails

A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.
SecurityWeek

Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data

More than 300 Chrome extensions were found to be leaking browser data, spying on users, or stealing user information.
Dark Reading

260K+ Chrome Users Duped by Fake AI Browser Extensions

The Chrome Web Store has been infested with dozens of malicious browser extensions claiming to provide AI assistant functionality but that secretly are siphoning off personal information from victims.

Leaky Chrome extensions with 37M installs caught divulging your browsing history

Hundreds of popular add‑ons used encrypted, URL‑sized payloads to send search queries, referrers, and timestamps to outside servers, in some cases tied to data brokers and unknown operators.
Fox News

Malicious Google Chrome extensions hijack accounts

Cybersecurity researchers have uncovered a serious threat hiding inside Google Chrome. Several browser extensions pretend to be helpful tools. In reality, they quietly take over user accounts. These ...
Bleeping Computer

New malware service guarantees phishing extensions on Chrome web store

A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store. Researchers at end-to-end data ...
Tech Times

Hidden Claude Desktop Extension Flaw Could Let Hackers Seize Your PC

Security researchers warn that Claude Desktop Extensions may allow zero-click prompt injection attacks, potentially leading to remote code execution and full system compromise.
Fast Company

5 Chrome dashboard extensions to make your start page more useful

The “New Tab” page in Chrome is the digital equivalent of a blank stare. A white void. Nothing, and plenty of it. Why are we settling for this? Your browser’s ...
ZDNet

The best VPN extensions for Chrome in 2026: Expert tested and reviewed

ZDNET experts put every product through rigorous testing and research to curate the best options for you. If you buy through our links, we may earn a commission. Learn Our Process 'ZDNET Recommends': ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...