Beware this hidden Chrome attack — what to know.
update all browsers by June 26. But there’s a very different Chrome threat to your PC, and it’s much more difficult to find and fix.that “a network of malicious sleeper agent extensions" are “waiting for their ‘marching order’ to execute malicious code on unsuspecting users’ computers.”warns that some of the most popular extensions it has analyzed, “expose information such as browsing domains, machine IDs, OS details, usage analytics, and more.
Bugcrowd’s Trey Ford told me “this is a very common way to compromise browsers for various outcomes, ranging from stealing credentials and spying on users, to simply establishing ways to very uniquely identify and track users across the internet. Ultimately this can manifest as a form of malware, and unavoidably create new attack surface for miscreants to attack and compromise a very secure browsing experience.
There’s no easy answer to this one. Symantec says that while “none of appear to leak direct passwords,” the data can still fuel attacks. “The risk is not just theoretical; unencrypted traffic is simple to capture, and the data can be used for profiling, phishing, or other targeted attacks.”“The overarching lesson,” the team says, “is that a large install base or a well-known brand does not necessarily ensure best practices around encryption.
According to Keeper Security’s Patrick Tiquet, “this highlights a critical gap in extension security,” if and when “developers cut corners.” He warns that “transmitting data over unencrypted HTTP and hard-coding secrets exposes users to profiling, phishing and adversary-in-the-middle attacks – especially on unsecured networks.”
The risk is especially acute for enterprises. “Organizations should take immediate action by enforcing strict controls around browser extension usage, managing secrets securely and monitoring for suspicious behavior across endpoints. Just because a browser extension is very popular and has a large user base doesn’t mean it’s secure. Businesses must scrutinize all browser extensions to protect sensitive data and identities.
Chrome Update Deadline Chrome Delete Chrome Vs Safari Apple Chrome Google Attack Google Warning Extensions Chrome Warning
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Google Issues Chrome Attack Warning—Check Your Browser NowDo not let this attack hijack your Windows PC.
Read more »
CISA Issues Critical Chrome 0-Day Alert: Don’t Wait To Update BrowserWarnings don’t come much stronger than this — update Google Chrome now.
Read more »
Google Chrome Deadline—21 Days To Update Or Stop Using BrowserGovernment mandates all federal staff to update — all 2 billion users should do same.
Read more »
Google Chrome Deadline—21 Days To Update Or Stop Using BrowserGovernment mandates all federal staff to update — all 2 billion users should do same.
Read more »
Google’s New Chrome Update—Do Not Ignore June 5 DeadlineYou have been warned — update now.
Read more »
Judge questions if breaking up Chrome will fix Google’s search monopoly in AI eraThe DOJ demands Google Search reforms, Chrome divestment, and open data sharing, but a judge questions whether AI already changed the game.
Read more »