All news with #browser extension tag

AI Sidebar Spoofing Targets Comet and Atlas Browsers

⚠️ Security researchers disclosed a novel attack called AI sidebar spoofing that allows malicious browser extensions to place counterfeit in‑page AI assistants that visually mimic legitimate sidebars. Demonstrated against Comet and confirmed for Atlas, the extension injects JavaScript, forwards queries to a real LLM when requested, and selectively alters replies to inject phishing links, malicious OAuth prompts, or harmful terminal commands. Users who install extensions without scrutiny face a tangible risk.

Mozilla: New Firefox extensions must disclose data

🔒 Starting 3 November 2025, Mozilla will require new Firefox extension developers to declare data collection practices in manifest.json via a browser_specific_settings.gecko.data_collection_permissions key. Developers must adopt the framework across all extensions in the first half of 2026, and extensions that collect no personal data must state that explicitly. The declared practices will appear during installation, on the add-on listing, and in about:addons; submissions that omit the declaration will be blocked.

Malicious Extensions Spoof AI Browser Sidebars, Report

⚠️ Researchers at SquareX warn that malicious browser extensions can inject fake AI sidebars into AI-enabled browsers, including OpenAI Atlas, to steer users to attacker-controlled sites, exfiltrate data, or install backdoors. The extensions inject JavaScript to overlay a spoofed assistant and manipulate responses, enabling actions such as OAuth token harvesting or execution of reverse-shell commands. The report recommends banning unmanaged AI browsers where possible, auditing all extensions, applying strict zero-trust controls, and enforcing granular browser-native policies to block high-risk permissions and risky command execution.

131 Chrome Extensions Hijack WhatsApp Web for Spam

🔍 Cybersecurity researchers uncovered a coordinated operation that used 131 rebranded Chrome extensions—about 20,905 active users—to inject automation code into WhatsApp Web and conduct large-scale spam campaigns targeting Brazilian users. Socket found the add-ons share a common codebase, design patterns, and infrastructure and are primarily published under WL Extensão variants. The extensions pose a high spam risk by automating bulk outreach and scheduling to evade WhatsApp rate limits and violate Chrome Web Store policies.

Microsoft Edge to Revoke Malicious Sideloaded Extensions

🔒 Microsoft will add a security feature to Edge that detects and revokes malicious sideloaded extensions. The protection targets extensions installed via Developer Mode or other local sideloading methods that bypass the Microsoft Edge Add-ons vetting process. Microsoft plans a worldwide rollout in November for standard multi-tenant instances, aiming to reduce large-scale extension abuse and forced-install campaigns.

Mozilla lets Firefox add-on developers roll back updates

🔁 Mozilla now allows Firefox extension developers to roll back recently approved versions to a previously approved release, enabling fast mitigation of critical bugs and regressions. When reverted, users cannot install the problematic version, and browsers with automatic updates will revert affected installations within 24 hours. Developers can republish a prior build via the Developer Hub or the Add-on Submission API. Rollbacks require at least two approved versions on addons.mozilla.org, while self-distributed extensions may revert to any approved version.

CrowdStrike Launches Threat AI: Agentic Threat Intel

🔍 CrowdStrike unveiled Threat AI, described as the industry’s first agentic threat intelligence system, built on the Falcon platform to reason, hunt, and act across adversary activity. The initial agents — a Malware Analysis Agent and a Hunt Agent — automate complex workflows like reversing, classification, retrohunting, and continuous threat hunting to surface actionable recommendations. CrowdStrike also released a Threat Intelligence Browser Extension for Chrome to provide intelligence in analysts’ workflows, aiming to accelerate investigations and help SOCs respond at machine speed.

Browser Extension Management: Enterprise Buyer's Guide

🔒 Browser extensions present a significant, often unmonitored enterprise risk: they can run privileged code, inject scripts into web apps, access cookies and local storage, and persist via background processes. Keep Aware offers a Buyer’s Guide to Browser Extension Management that outlines these technical attack surfaces and illustrates how to reduce exposure. The guide compares common controls — GPO/MDM, EDR, enterprise browsers — with purpose-built browser security extensions to show trade-offs between visibility, enforcement, and user experience.

Malicious Browser Extensions Target Meta Advertisers

🔒 Researchers disclosed two coordinated campaigns that distribute fake browser extensions via malvertising and counterfeit sites to steal credentials, session tokens, and hijack Meta business accounts. Bitdefender documented ads pushing a fake "Meta Verified" add‑on named SocialMetrics Pro that harvests Facebook session cookies and exfiltrates them to a Telegram bot while also querying ipinfo[.]io for IP data. Cybereason described a separate campaign using counterfeit sites promoting a bogus Madgicx Plus platform and multiple rogue Chrome extensions that request broad site access, capture Google identity data, then pivot to Facebook to facilitate account takeover.