Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M installs.

Hundreds of popular add‑ons used encrypted, URL‑sized payloads to send search queries, referrers, and timestamps to outside servers, in some cases tied to data brokers and unknown operators.

Your trusted extension/add-on with over 100k review might be spying on you.

A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store. Researchers at end-to-end data ...

Cybersecurity researchers have uncovered a serious threat hiding inside Google Chrome. Several browser extensions pretend to be helpful tools. In reality, they quietly take over user accounts. These ...

Malicious Chrome extensions posing as productivity tools were found stealing session tokens, blocking security controls, and enabling account takeover across popular enterprise HR and ERP platforms. A ...

A set of malicious Google Chrome Extensions which steal cookies, takeover accounts and actively block incident response have been identified targeting widely used human resource (HR) and enterprise ...

Emily Long is a freelance writer based in Salt Lake City. After graduating from Duke University, she spent several years reporting on the federal workforce for Government Executive, a publication of ...

Malicious Google Chrome extensions have stolen large language model (LLM) conversations and browser data from hundreds of thousands of users. Application security vendor Ox Security detailed a ...

Chrome extensions are supposed to make your browser more useful, but they've quietly become one of the easiest ways for attackers to spy on what you do online. Security researchers recently uncovered ...

The developers of a browser tool that changes AI-centric LinkedIn posts to Allen Iverson facts want to help “take back control of your experience of the internet.” One of the defining traits of ...