125 matches found
SUSE CVE-2016-1640
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...
Meet the Administrators of the RSOCKS Proxy Botnet
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the "RSOCKS" botnet, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious traffic through someone elses computer...
Users unable to launch - Error: "Cannot complete your request"
'Cannot complete your request' while trying to access the Web Store URL. StoreFront events show that a loopback communication failed...
CVE-2022-30400
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggersmerch/admin/orders/vieworder.php?view=user&id=...
Google Play’s Data safety section empowers Android users to make informed app choices
Google has launched its new "nutrition labels" for apps, a feature it promised in the spring of 2021. This release came days after the Chrome team released badges for the Chrome Web Store for browser extensions. The company said in a blog post that its rolling out the labels—which it calls the...
Ad-blocker Chrome extension AllBlock injected ads in Google searches
By Deeba Ahmed AllBlock was available on Google Chrome's Web Store where it is marketed as a potent Ad Blocker focusing on Facebook and YouTube to prevent pop-ups. This is a post from HackRead.com Read the original post: Ad-blocker Chrome extension AllBlock injected ads in Google searches...
What’s New in InsightAppSec and tCell: Q2 2021 in Review
If there’s a theme to InsightAppSec and tCell updates and improvements in the second quarter, it would be “save time by building it into the process.” Building a more efficient process is key in further securing web applications. Can you get it done faster from home? Or is the quickest way to the...
Google Chrome to Help Users Identify Untrusted Extensions Before Installation
Google on Thursday said it's rolling out new security features to Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago. To this end, the search giant said it will now offer additional protections when users...
WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware
Google on Thursday removed The Great Suspender , a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google...
h1-ctf: Hacky Holidays CTF Writeup
Intro: 12 days of challenges - some more challenging than others! This holiday CTF had all 12 challenges hosted on the website https://hackyholidays.h1ctf.com/ F1129112 Challenge 1: I started by significantly overthinking all of the early challenges in this competition. When this CTF started the...
A week in security (August 3 – 9)
Last week on Malwarebytes Labs, on our Lock and Code podcast, we talked about identity and access management technology. We also wrote about business email compromises to score big, discussed how the Data Accountability and Transparency Act of 2020 looks beyond consent, and we analyzed how the...
Hundreds of Chrome Extensions Secretly Uploaded Private Data
A researcher discovered that hundreds of extensions in the Web Store were part of a long-running malvertising and ad-fraud scheme...
500 Malicious Chrome Extensions Impact Millions of Users
Researchers say that 500 Google Chrome browser extensions were discovered secretly uploading private browsing data to attacker-controlled servers, and redirecting victims to malware-laced websites. The browser extensions, all of which have now been removed, were downloaded millions of times from...
OLK Web Store 2020 - Cross-Site Request Forgery Vulnerability
Exploit for asp platform in category web applications Exploit Title: OLK Web Store 2020 - Cross-Site Request Forgery Google Dork: intext:"TopManage ® 2002 - 2020" Exploit Author: Joel Aviad Ossi Vendor Homepage: http://www.topmanage.com/ Software Link:...
OLK Web Store 2020 Cross Site Request Forgery
Exploit Title: OLK Web Store 2020 - Cross-Site Request Forgery Google Dork: intext:"TopManage ® 2002 - 2020" Date: 2020-01-13 Exploit Author: Joel Aviad Ossi Vendor Homepage: http://www.topmanage.com/ Software Link: http://www.topmanage.com/microsites/olk-web-store/ Version: 2020 Tested on: N/A C...
OLK Web Store 2020 - Cross-Site Request Forgery
OLK Web Store 2020 - Cross-Site Request Forgery Exploit Title: OLK Web Store 2020 - Cross-Site Request Forgery Google Dork: intext:"TopManage ® 2002 - 2020" Date: 2020-01-13 Exploit Author: Joel Aviad Ossi Vendor Homepage: http://www.topmanage.com/ Software Link:...
OLK Web Store 2020 - Cross-Site Request Forgery
Exploit Title: OLK Web Store 2020 - Cross-Site Request Forgery Google Dork: intext:"TopManage ® 2002 - 2020" Date: 2020-01-13 Exploit Author: Joel Aviad Ossi Vendor Homepage: http://www.topmanage.com/ Software Link: http://www.topmanage.com/microsites/olk-web-store/ Version: 2020 Tested on: N/A C...
Malicious Ad Blockers for Chrome Caught in Ad Fraud Scheme
Google has removed two malicious ad blockers from its Chrome Web Store after a researcher discovered they were carrying out ad fraud and deceived Chrome users by using names of legitimate and popular blockers. Researcher Andrey Meshkov from rival ad blocker maker AdGuard discovered that the...
ExtAnalysis - Browser Extension Analysis Framework
With ExtAnalysis you can : Download & Analyze Extensions From: Chrome Web Store Firefox Addons Analyze Installed Extensions of: Google Chrome Mozilla Firefox Opera Browser Coming Soon Upload and Scan Extensions. Supported formats: .crx .xpi .zip Features of ExtAnalysis : View Basic Informations:...
Tenable IO WAS Chrome Extension
In the comments of the previous post about Tenable IO WAS Fergus Cooney mentioned a new Google Chrome extension for Tenable IO WAS, that should help in configuring scan Authentication setting. You can install it in Chrome Web Store. The idea is great. Authentication process in modern web...