Browser extension malware infected 8.8M users in DarkSpectre attack

Browser extensions turned malicious after years of legitimate operation in DarkSpectre campaign affecting millions. The ...
Bleeping Computer

New Syncjacking attack hijacks devices using Chrome extensions

A new attack called 'Browser Syncjacking' demonstrates the possibility of using a seemingly benign Chrome extension to take over a victim's device. The new attack method, discovered by security ...
Forbes

Google Chrome 2FA Bypass Attacks Confirmed—Millions Of Users At Risk

This Google Chrome browser extension attack compromised authentication cookies. Update, Dec. 31, 2024: This story, originally published Dec. 29 now includes an explanation of how 2FA bypass session ...

Billions of Chrome users at risk from new browser-hijacking Syncjacking attack — how to stay safe

Google Chrome is the most popular browser on desktop, which is why it’s also one of the most popular targets for hackers.
Forbes

New Google Chrome Attack—You Must Not Click This Popup

As “sneaky” attacks go, this one takes some beating. A new report suddenly warns that a fundamental vulnerability in the way Google Chrome and other Chromium browsers work means password managers, ...
Bleeping Computer

Cookie-Bite attack PoC uses Chrome extension to steal session tokens

A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access ...