Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsof...

Linux Distros Unpatched Vulnerability : CVE-2026-13029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to...

DEBIAN-CVE-2026-13029

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-13029

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-13029

CVE-2026-13029: Use-after-free in Web Authentication for Google Chrome, fixed in or after 149.0.7827.197. Affected component: Web Authentication flow; vulnerability arises when a user is convinced to install a malicious Chrome Extension, potentially enabling heap corruption via a crafted extensio...

PT-2026-52047

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Web Authentication component. This occurs when a user is convinced to install a malicious extension, allowing an attacker to potentially exploit he...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in extensions in Google Chrome prior to version 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Google Chrome extension...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. Chromium security severity: Low...

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.77, using Tab Strip in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Firefox and Thunderbird

A malicious extension could have opened a popup window without an address bar. The title of the popup without an address bar should not be fully controllable, but in this case it was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This...

Astra Linux – Vulnerability in Chromium

Before version 90.0.4430.72, using IndexedDB in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape through a crafted Chrome Extension...

Astra Linux – Vulnerability in Chromium

Before version 134.0.6998.35, using “After Free” in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Chromium

The use of Tab Strip with free software in Google Chrome before version 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a specific set of user gestures...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in the PrintPreview function in Google Chrome prior to version 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Chromium

The use of “after free” in the Cart component in Google Chrome before version 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through database corruption and a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in the Tab Groups component of Google Chrome prior to version 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and induced specific user interactions to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

In Google Chrome versions prior to 142.0.7444.59, policy bypass in Extensions allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data through a crafted Chrome Extension. Chromium security severity: Low...

Astra Linux – Vulnerability in Chromium

In Google Chrome on Linux and ChromeOS before version 92.0.4515.107, an attacker who convinced a user to install a malicious extension could perform an out-of-bounds memory write by using a crafted HTML page. This vulnerability allowed the attacker to execute such an operation...

Astra Linux – Vulnerability in Chromium

Before version 92.0.4515.131, writing out-of-bounds data using Tab groups in Google Chrome allowed an attacker who convinced a user to install a malicious extension to perform an out-of-bounds memory write via a crafted HTML page...