A maintainer-account takeover can do more damage than a single malicious file, especially when one publish pipeline reaches several software ecosystems at once.
A lookalike browser add-on used a trusted AI brand to win installs, showing how extension permissions can turn ordinary searches into sensitive telemetry.
A deceptive browser add-on mimicking a popular AI brand highlights how extensions can collect search and browsing data when users grant broad permissions.
A popular Chrome ad blocker tied to YouTube carries a dormant script-injection path, showing how a trusted extension can turn into a post-install risk if its server-side behavior changes.
A widely installed YouTube ad blocker shows how even a familiar browser extension can carry page-level power that deserves scrutiny.
A phishing-led malware chain reportedly used Chrome’s native messaging path to move from browser space into Windows command execution, showing how ordinary integrations can become security boundaries in practice.
A campaign abusing policy-controlled installs and Native Messaging shows how a browser can be turned into a command relay when trusted management features are misused.
Named flaws in two popular Chrome extensions underline how an AI helper with broad page access can turn convenience into high-impact compromise risk.
Two reported flaws in AI-focused Chrome extensions show how a message-handling bug can turn a convenience add-on into a high-risk trust boundary.
A cluster of Chrome live wallpaper extensions was linked to user-data logging, disguised click traffic, and routing activity toward ad sites, turning a simple browser add-on into a trust problem.
Malicious JetBrains plugins and suspicious browser add-ons are putting AI keys and chatbot conversations in the crosshairs, showing how software supply chains can become data-collection pipelines.
A large Chrome extension cluster blurred customization and monetization, using install and uninstall behavior that appears designed to imitate real user traffic.
Google is ending support for Chrome extensions built on Manifest V2 later this month, a shift that is expected to affect uBlock Origin and other ad blockers built for the older framework.
A large Chrome extension cluster tied to wallpaper and new-tab tools shows how ordinary-looking add-ons can become a vehicle for adware-style monetization.
A Chrome extension campaign tied to 23 add-ons and an estimated 758,000 users shows how search settings can be turned into a quiet control point for privacy abuse and phishing risk.
A reported extension campaign tied to about 90,000 browser users shows how a utility add-on can become a quiet collection point for sensitive AI chats and account details.
A 23-extension campaign shows how a browser add-on can quietly redirect everyday searches and turn user intent into monetized traffic.
A network of Chrome extensions tied to dozens of publisher accounts shows how ordinary add-ons can be repurposed into coordinated deception at scale.
A coordinated extension network linked to fake search activity and hidden data collection shows how browser trust can be bent without a visible break-in.
These browser add-ons are easy to add from the Chrome Web Store, but their protection is limited to traffic generated inside the browser.