
108 Chrome extensions, one server: how to check yours for session theft
Socket found 108 Chrome extensions routing logins and live Telegram sessions to a single server. Here's how the campaign worked and how to check your own.
23 articles found

Socket found 108 Chrome extensions routing logins and live Telegram sessions to a single server. Here's how the campaign worked and how to check your own.

Chrome 146's Device Bound Session Credentials make stolen session cookies useless on another machine. How DBSC works and the gap extensions still exploit.
Two-thirds of Edge extensions and half of Firefox add-ons sit abandoned — no security update in a year. Why stale extensions are risky and how to check yours.
Everyone said Chrome's Manifest V2 deadline would kill ad blockers. Here's what the sunset actually stranded — and why Firefox is now the MV2 refuge.
A fake uBlock Origin clone crashed Chrome on purpose, then tricked users into running malware. Here's how to spot the CrashFix trap and check your extensions.
GhostPoster hid malware inside extension icon images for up to five years across Chrome, Firefox, and Edge. Here's how steganography works and what to check.

Google accidentally exposed an unfixed Chromium service worker flaw that keeps background scripts running after you close the browser. Here's how to stay safe.
A Chrome extension's leaked OAuth tokens pivoted into Vercel's systems. Here's how to audit the extension OAuth grants in your work Google account.
Any zero-permission extension can hijack Claude's AI session and exfiltrate your Gmail or GitHub data. Here's how ClaudeBleed works and how to protect yourself.
A sideloaded browser extension is how UNC6692's SNOWBELT runs inside headless Edge, skipping Web Store review entirely. Here's how to detect it in your org.
CVE-2026-0628 showed extensions with basic permissions could access your camera, mic, and files via Chrome's Gemini panel. Here's how to stay safe.
GlassWorm compromised 72+ Open VSX IDE extensions to deploy a Chrome infostealer stealing session cookies via Solana blockchain C2. Here's what to check.
ShadyPanda ran 145 malicious extensions on Chrome and Edge for 6 years, from affiliate fraud to keylogging spyware with 4.3M installs. How to check yours.
18 Chrome, Firefox, and Edge meeting extensions with 2.2M installs secretly harvested corporate meeting data. Here's what they did and how to check yours.
Stanley MaaS sold guaranteed Chrome Web Store bypass for $6,000. Here's how phishing extensions evade Google's review and how to protect yourself.
Fake Proton VPN extensions hit Chrome Web Store in 2026. Here's how to verify you have the real Proton VPN, what permissions it needs, and safer alternatives.
LayerX Labs showed any browser extension — even ones with no permissions — can silently modify your downloads to deliver malware. Here's how to stay safe.
QuickLens was hijacked via ownership transfer to push ClickFix attacks and crypto-stealing malware. Here's how to check your extensions are still safe.
ETH Zurich researchers broke zero-knowledge promises in Bitwarden, LastPass, and Dashlane with 25 attacks. Here's which password manager held up best.
Any browser extension can silently inject commands into ChatGPT, Gemini, and Claude. Here's how man-in-the-prompt attacks work and how to stay safe.
Security researchers exposed 300+ malicious Chrome extensions with 37.4M downloads stealing data, credentials, and emails. Here's how to protect yourself.
30 fake AI Chrome extensions caught stealing credentials and Gmail data from 300K users. Here's how to check if you're affected and protect yourself.
17 malicious sleeper extensions found across Firefox, Chrome, and Edge with 840K downloads. They hid malware in images for up to 5 years undetected.