extension

LastPass users automatically updated to fix security vulnerability in browser extension

Popular password manager LastPass says that it has fixed a vulnerability in its Chrome and Opera browser extensions that could have potentially seen an attacker steal the username and password previously filled-in by the software.


1 min read

bitdefender.com

Automatic 4K/HD for YouTube extension pulled from Chrome Store for pop-up ad abuse

A popular browser extension has been removed by Google from the Chrome Web Store after it started spamming users with irritating pop-up advertisements.

Read more in my article on the Hot for Security blog.


0 sec read

tripwire.com

Google Chrome extension warns if your password has been leaked

Google has released an optional extension for its Chrome browser that will trigger a visual warning if it determines you are using a username/password combination that it knows to be unsafe.

Read more in my article on the Tripwire State of Security blog.


0 sec read

tripwire.com

Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea

Computer users are being reminded once again to take care over the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #094: Rogue browser extensions, Twitter presence, and how to cheat in exams

What’s the danger when browser extensions go bad? Is Twitter sharing your online status a boon for stalkers? And which of the show’s hosts is going to admit to cheating in their exams?

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist David McClelland.


1 min read

If an extension goes rogue, everything you do in your browser is compromised

The official Chrome browser extension for Mega.nz was compromised with a malicious update, stealing passwords and private keys.

Keep your browser extensions to a minimum, and always be wary if they ask for elevated permissions.


2 min read

bitdefender.com

Security hole meant Grammarly would fix your typos, but let snoopers read your private writings

A Google vulnerability researcher has found a gaping security hole in a popular web browser extension, that could have potentially exposed your private writings on the internet.

Read more in my article on the Hot for Security blog.


0 sec read

bitdefender.com

First ever crypto-mining Chrome extension discovered

A Chrome browser extension, with over 140,000 users, is gobbling up the resources of users’ computers by secretly mining for virtual cash.

Read more in my article on the Hot for Security blog.


0 sec read

tripwire.com

Hackers hijack popular Chrome extension to inject code into web developers’ browsers

Criminals hacked into a developer’s account, and modified a Chrome browser extension used by over a million people to push unwanted adverts.

Read more in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

Better History Chrome extension goes rogue, hijacks browsers and displays ads

A third-party Chrome extension, supposed to make management of your browsing history simpler, has been kicked out of the Chrome web store after users accused it of hijacking their browsing, fiddling with links and opening webpages displaying ads.

Read more in my article on the Hot for Security blog.


0 sec read

Counter-Strike: Global Offensive Chrome extensions raid your Steam account

Remember, the fact that an add-on or extension has been made available for your browser is no guarantee that it hasn’t been coded with malice in mind.


50 sec read

Sell Hack, the controversial plugin that offered to uncover LinkedIn email addresses, shuts down for now

Sell Hack, the controversial browser extension that promised to reveal LinkedIn users’ private email addresses has been shut down by its makers (at least temporarily) after they received a cease & desist order from the business networking site.


1 min read

LinkedIn warns of Sell Hack browser plugin that claims to reveal hidden email addresses

It sounds like a stalker’s or recruitment advisor’s wet dream, but there are good reasons to be wary of the “Sell Hack” tool that offers to reveal any LinkedIn user’s email address.


2 min read

Super Mario data-slurping scare hits the Google Chrome web store

Fancy a game of Super Mario for free? Well, be careful – because although you may not have to pay any money for it, you might just be giving away a lot of your private data.


9 sec read