#malicious-extensions

[ follow ]
#browser-security #chrome-security-vulnerability #open-vsx #privilege-escalation #supply-chain-attack
fromThe Hacker News
1 week ago

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

"The pipeline had a single boolean return value that meant both 'no scanners are configured' and 'all scanners failed to run,'... So when scanners failed under load, Open VSX treated it as 'nothing to scan for' and waved the extension right through."
Information security
#chrome-security-vulnerability
Information security
fromZDNET
1 month ago

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

A high-severity vulnerability in Chrome's Gemini feature allows malicious extensions to inject code, enabling attackers to spy on users, steal data, access webcams and microphones, and conduct phishing attacks.
Information security
fromTheregister
1 month ago

Chrome AI panel became privilege escalator for extensions

A high-severity Chrome vulnerability allowed malicious extensions to hijack the Gemini Live AI panel and gain unauthorized access to system resources like cameras, microphones, and local files.
Information security
fromThe Hacker News
1 month ago

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

A patched Chrome vulnerability (CVE-2026-0628) allowed malicious extensions to escalate privileges and access local files, camera, microphone, and screenshots through insufficient WebView policy enforcement.
Information security
fromZDNET
1 month ago

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

A high-severity vulnerability in Chrome's Gemini feature allows malicious extensions to inject code, enabling attackers to spy on users, steal data, access webcams and microphones, and conduct phishing attacks.
more#chrome-security-vulnerability
Information security
fromThe Hacker News
2 months ago

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

AI-powered VS Code forks recommend non-existent Open VSX extensions, enabling attackers to register those namespaces and publish malicious packages that compromise developers.
#supply-chain-attack
more#supply-chain-attack
Information security
fromComputerworld
5 months ago

AI browsers can be abused by malicious AI sidebar extensions: Report

Malicious browser extensions can spoof AI sidebars to steal data, redirect users, or install backdoors; organizations must audit extensions and enforce zero-trust controls.
Information security
fromDevOps.com
6 months ago

WhiteCobra Targets Developers with Dozens of Malicious Extensions - DevOps.com

WhiteCobra distributes malicious VSCode and Open VSX extensions to steal cryptocurrency wallets from developers using VSCode, Cursor, and Windsurf.
fromTheregister
8 months ago

Browser hijacking campaign infects 2.3M Chrome, Edge users

The Geco color picker extension, while appearing safe and helpful, hijacks browser sessions, tracks user activities, and backdoors victims' web browsers, highlighting significant security concerns.
Privacy professionals
[ Load more ]