< ciso
brief />
Tag Banner

All news with #browser security tag

101 articles · page 2 of 6

High-Risk GenAI Browser Extensions Targeting Users

🛡️ Unit 42 identified 18 malicious browser extensions posing as GenAI productivity tools that deliver RATs, infostealers and MitM capabilities. These extensions intercept prompts, exfiltrate credentials and proxy HTTPS responses, often using AI-generated code to accelerate development. Organizations should restrict extensions, scrutinize permissions and treat browsers as critical attack surfaces. Google removed or warned developers after disclosure.
read more →

Study Finds Many Browser Extensions Collect and Sell Data

🔍 A LayerX Security study found more than 80 widely used browser extensions explicitly reserve the right to collect and sell user data, with millions of combined installations across categories such as streaming, ad blocking and productivity. The researchers reported that 71% of Chrome Web Store extensions do not publish a privacy policy, leaving many users without visibility into how their data is handled. The findings detail networks of media extensions aggregating viewing behavior and at least a dozen ad blockers and 29 business-focused extensions that may expose enterprise browsing activity. LayerX recommends organisations adopt centralized extension governance and add privacy policy review to extension evaluation criteria.
read more →

108 Malicious Chrome Extensions Target Google, Telegram

🔒 Researchers at Socket uncovered 108 malicious Google Chrome extensions that collectively amassed about 20,000 installs and reported to a single command-and-control server. Published under five publisher identities, the add-ons posed as games, Telegram sidebars, and enhancement tools while exfiltrating Google account data, hijacking Telegram Web sessions, opening arbitrary URLs, and injecting ads and scripts. Some source files contained Russian-language comments; attribution remains unconfirmed. Users should remove any identified extensions and log out of Telegram Web sessions immediately.
read more →

AI-Powered Pushpaganda Scam Hijacks Google Discover

🔔 Researchers uncovered 'Pushpaganda', an ad fraud campaign that uses search engine poisoning and AI-generated content to surface deceptive stories in Google Discover and trick Android and Chrome users into enabling persistent browser notifications. Once enabled, the alerts deliver scareware-style legal threats and redirect victims through actor-controlled domains that generate illicit ad revenue and funnel users to financial scams. HUMAN's findings link the operation to hundreds of domains and hundreds of millions of bid requests, and Google has deployed a fix.
read more →

Campaign of 108 Malicious Chrome Extensions Exposes Data

🚨Research by Socket uncovered a coordinated campaign of 108 malicious Chrome extensions that affected about 20,000 users. Distributed across gaming, social media and translation categories, these extensions appear legitimate while quietly harvesting sensitive data, including Google profiles and active web sessions. Operators used a single command-and-control infrastructure and shared code, complicating detection and enabling a Malware-as-a-Service model.
read more →

AI Browser Extensions: An Overlooked Enterprise Risk

🔒 A new report from LayerX warns that AI browser extensions are an unmonitored consumption channel that bypasses DLP and SaaS logs, granting direct access to page content, inputs, cookies, and sessions. AI extensions are significantly more likely to contain CVEs and to request scripting, cookie, or tab-manipulation permissions, and they frequently expand privileges after installation. The report urges continuous extension inventories, behavior-based controls, and stricter trust criteria to reduce exposure without hindering productivity.
read more →

Block the Prompt, Not the Work: Securing Sessions Now

🔒 Enterprise security must stop reflexively blocking tools and start governing browser sessions. The article argues that legacy controls—kernel‑hooking agents, SSL inspection and URL blocks—create a "Workaround Economy" where users move sensitive data to unmanaged apps and extensions. It urges a shift to session‑level governance with prompt‑level DLP, extension risk scoring, and agentless clipboard/upload controls to enable productivity while reducing blind spots.
read more →

Five Browser and AI Security Questions for CxOs to Consider

🔒 Work has shifted into the browser, creating a broad visibility and control gap as employees access SaaS, collaborate with GenAI and interact across unmanaged devices. Legacy perimeter and endpoint tools cannot see last-mile actions such as sensitive uploads to unsanctioned models, malicious extensions, or agentic browser behaviors that reassemble malware in memory. Prisma Browser restores control with context-aware policies, embedded Enterprise DLP, continuous page inspection and governance for both human and agent activity, enabling safe AI use without blocking innovation.
read more →

Cloudflare Expands Client-Side Security to All Users

🔒 Cloudflare is making advanced client-side protections self-serve and offering domain-based threat intelligence free across all Client-Side Security customers. The Client-Side Security Advanced bundle brings machine learning and an LLM-backed second opinion to detect malicious JavaScript and drastically reduce false positives. It relies on browser reporting like CSP and requires only that traffic be proxied through Cloudflare, so there is zero latency impact to applications. These tools are intended to help organizations of all sizes detect skimming, supply-chain compromises, and sophisticated browser-side attacks.
read more →

Experts Warn of Browser Extensions Poaching AI Prompts

🛡️ Security researchers have warned of malicious Chrome extensions that silently monitor and exfiltrate users' AI chat content. According to Expel, extensions watch open tabs and capture prompts and responses via API interception or DOM scraping before sending the data to external servers. Attackers either impersonate popular tools or convert legitimate extensions into malicious ones after building a user base. Organisations are urged to block unvetted AI extensions and centrally manage and audit extension use.
read more →

Firefox Adds Built-In VPN with 50GB Monthly Limit, Free

🛡️ Firefox 149 introduces a free built-in VPN that provides signed-in users with up to 50 GB of browser-only monthly traffic via a secure proxy. The feature can be toggled globally or enabled on up to five specific sites to save data, while certain sites and services are excluded to avoid sign-in and reconnection issues. Mozilla says it will collect only limited technical and interaction data to monitor performance, and routing servers are U.S.-based. Rollout begins in the US, UK, Germany and France; the update also adds Split View and fixes 46 security vulnerabilities.
read more →

Five Ways Chrome Enterprise Strengthens Browser Security

🔒 Chrome Enterprise outlines five enhancements aimed at reinforcing browser security for organizations, addressing modern risks from session theft to malware-driven credential theft. Highlights include Device Bound Session Credentials to prevent session hijacking, cache encryption to protect data at rest, and App-bound encryption to block unauthorized apps from reading browser-stored secrets. Administrators also get tighter download controls and deeper integrations with partners such as Citrix and Okta to improve access decisions and incident response.
read more →

Prisma Browser for Business: Secure Workspace for SMBs

🔐 Prisma Browser for Business delivers a secure, browser-first workspace tailored to small businesses, combining enterprise-grade threat detection with a simplified admin experience. Built on Chromium and powered by Palo Alto Networks' Precision AI, it inspects webpages and extensions in real time to block AI-enabled phishing, browser-delivered malware, and risky extensions. The browser adds AI-aware controls to prevent sensitive data from being pasted into unauthorized GenAI tools and offers one-click SSO onboarding, preconfigured policies, and a 30-day no-contract trial.
read more →

VoidStealer bypasses Chrome ABE to steal browser secrets

🔐 Researchers have identified a new infostealer called VoidStealer that bypasses Chrome's Application-Bound Encryption (ABE) to exfiltrate stored passwords, cookies, and tokens. Unlike prior ABE bypasses that relied on code injection or elevated privileges, VoidStealer attaches as a debugger and uses hardware breakpoints to capture the v20_master-key at the precise moment it appears in plaintext. The malware can fall back to injection-based methods but prioritizes the stealthy debugger technique. Defenders should monitor for debugger attachments, unexpected memory reads, and anomalous Chrome process activity.
read more →

ShieldGuard crypto browser extension scam dismantled

🔒 Researchers have dismantled the ShieldGuard crypto scam after Okta Threat Intelligence flagged the malicious browser extension in an advisory on March 17. Marketed as a wallet security tool with social promotion and token "airdrop" incentives, the extension instead harvested wallet addresses, scraped full HTML content after logins and tracked users across sessions. It used obfuscation and a custom JavaScript interpreter to evade Chrome protections and supported remote command-and-control execution. Partners removed the extension from the Chrome Web Store, disabled backend infrastructure, took down domains and blocked sign-in functionality; users are advised to limit plugins, verify sources and treat free-token offers with caution.
read more →

Anthropic Uses Claude Opus 4.6 to Find 22 Firefox Flaws

🔍 Anthropic reported discovering 22 new vulnerabilities in the Firefox browser using Claude Opus 4.6 during a two-week assessment in January 2026. Fourteen issues were rated high, seven moderate and one low, and most were patched in Firefox 148. The model detected a JavaScript use-after-free bug in about 20 minutes, which researchers validated in a virtualized environment. When tasked to produce exploits the model succeeded only twice after many attempts and roughly $4,000 in API spend, underscoring that discovery is cheaper than reliable exploitation.
read more →

2026 Browser Report: Enterprise Security Blind Spots

🛡️ The 2026 State of Browser Security Report from Keep Aware warns that modern browsers—now hosting embedded AI copilots and generative tools—have become the primary execution layer for enterprise work and the largest emerging security gap. The study finds broad adoption of AI web tools, frequent uploads of internal and regulated data, and that traditional DLP and network controls fail to inspect typed inputs, pasted content, and in-session file uploads. It highlights phishing, malicious extensions, and social engineering as leading browser attack vectors and urges organizations to adopt browser-specific visibility, continuous extension governance, and account-level controls for AI usage.
read more →

Google Chrome moves to two-week stable release cycle

🔁 With the release of Chrome 153 on September 8, Google will move from a four-week to a two-week release cadence for both beta and stable channels on Desktop, Android, and iOS. Dev and Canary channels remain on their current schedules while an eight-week Extended Stable branch will be preserved for enterprise customers. Google says smaller, more frequent milestones will reduce disruption and simplify post-release debugging. Users can expect more frequent feature rollouts and occasional restart prompts, and weekly security updates will continue under the August 2023 model.
read more →

Chrome Gemini Vulnerability Allowed Extension Hijack

🛡 Unit 42 discovered CVE-2026-0628, a high-severity flaw in Chrome's new Gemini Live panel that allowed extensions with only declarativeNetRequest permissions to inject JavaScript into the privileged panel context. That injection could escalate extension privileges to access camera and microphone, read local files, take screenshots and render phishing content inside a trusted browser UI. Google was notified on 2025-10-23 and issued a patch in early January 2026. Palo Alto Networks recommends mitigations such as Prisma Browser and related protections.
read more →

QuickLens Chrome Extension Compromised to Steal Crypto

⚠️The QuickLens Chrome extension was removed from the Chrome Web Store after a malicious update (v5.8) was pushed that added info‑stealing and ClickFix attack functionality. Security researchers found the extension stripped security headers, added powerful permissions, and contacted a command‑and‑control server to fetch and run payloads on every page. A fake Google Update prompt led to malware that targeted Windows and attempted to steal browser credentials and cryptocurrency seed phrases. Google has disabled the extension; affected users should remove it, scan devices, reset passwords, and move funds from compromised wallets.
read more →