Fake TikTok Downloaders on Chrome and Edge Spying on 130,000 Users

Over 130,000 users are at risk from fake TikTok downloader extensions on Chrome and Microsoft Edge. Researchers discovered these malicious tools use device fingerprinting to spy on users and steal sensitive browser data...

Malicious Chrome extensions can spy on your ChatGPT chats

Researchers discovered 16 malicious browser extensions for Google Chrome and Microsoft Edge that steal ChatGPT session tokens, giving attackers access to accounts, including conversation history and metadata. The 16 malicious extensions 15 for Chrome and 1 for Edge claim to improve and optimize...

ROS-20251216-7371

A vulnerability in the Extensions component of Google Chrome and Microsoft Edge browsers is related to incorrect resource initialization. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

ROS-20251216-7358

A vulnerability in the Extensions component of Google Chrome and Microsoft Edge browsers is related to flaws in the implementation of security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions...

A Browser Extension Risk Guide After the ShadyPanda Campaign

In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them r...

“Sleeper” browser extensions woke up as spyware on 4 million devices

Researchers have unraveled a malware campaign that really did play the long game. After seven years of behaving normally, a set of browser extensions installed on roughly 4.3 million Chrome and Edge users’ devices suddenly went rogue. Now they can track what you browse and run malicious code insi...

Chromium: CVE-2025-8581 Inappropriate implementation in Extensions

Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2025-8576 Use after free in Extensions

Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2025-3070 Insufficient validation of untrusted input in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

The vulnerability of the Extensions component in Google Chrome and Microsoft Edge browsers allows attackers to bypass existing security restrictions and perform substitution attacks on user interfaces.

The vulnerability of the Extensions component in Google Chrome and Microsoft Edge involves bypassing authentication through spoofing. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the user interface...

The vulnerability of the Extensions component in Google Chrome and Microsoft Edge browsers allows a hacker to replace the user interface.

The vulnerability of the Extensions component in Google Chrome and Microsoft Edge is related to improper security checks for standard elements. Exploiting this vulnerability could allow a malicious actor to replace the user interface with a specially created HTML page...

The vulnerability of the Extensions component of Microsoft Edge and Google Chrome browsers allows a perpetrator to access confidential information.

The vulnerability of the Extensions component of Microsoft Edge and Google Chrome lies in the improper security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information remotely...

The vulnerability of the Extensions API of Microsoft Edge and Google Chrome browsers allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Extensions API for Microsoft Edge and Google Chrome relates to improper security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially created HTML pa...

The vulnerability of the Extensions API of Google Chrome and Microsoft Edge browsers allows a malicious actor to install any extension they desire.

The vulnerability of the Extensions API for Google Chrome and Microsoft Edge is related to insufficient data validation. Exploiting this vulnerability could allow an attacker to install any desired extension by using a specially created HTML page...

The vulnerabilities of Google Chrome and Microsoft Edge browser extensions, which allow a hacker to trigger a service failure.

The vulnerability of browser extensions in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure by loading a specially created extension...

The vulnerability of the Extensions API of Microsoft Edge and Google Chrome browsers allows attackers to circumvent existing security restrictions.

The vulnerability of the Extensions API for Microsoft Edge and Google Chrome is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...

The vulnerability of the Extensions API for Microsoft Edge and Google Chrome browsers allows a malicious actor to disclose protected information or cause the program to terminate abnormally.

The vulnerability of the Extensions API for Microsoft Edge and Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information or cause the program to terminate abnormally...

The vulnerability of the Extensions component in Google Chrome and Microsoft Edge browsers allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the Extensions component in Google Chrome and Microsoft Edge is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or cause a...

The vulnerability of the Microsoft Edge and Google Chrome browser extensions allows a perpetrator to execute arbitrary code or cause a service failure.

The vulnerability of the Extensions component in Microsoft Edge and Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code or cause a service failure through a specially created malicious web page...

Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions

New details have emerged about a vast network of rogue extensions for Chrome and Edge browsers that were found to hijack clicks to links in search results pages to arbitrary URLs, including phishing sites and ads. Collectively called "CacheFlow" by Avast, the 28 extensions in question — including...