EUVD-2026-34497

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: Medium...

EUVD-2026-28119

Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

CVE-2026-5901

Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. Chromium security severity: Low...

Mozilla: WebExtensions could open arbitrary URLs

The Mozilla Foundation Security Advisory describes this flaw as: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data...

[20091103] - Core - XML File Read Issue

It is possible to read the contents of an extension's XML file and find the version number of the installed extension. This could allow people to exploit a known security flaws for a specific version of an extension...