The Hacker News

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft and system compromise.
Morningstar

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

PALO ALTO, Calif., Nov. 19, 2025 /PRNewswire/ -- SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full ...

QuickLens Chrome extension steals crypto, shows ClickFix attack

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...
Dark Reading

Browser Extension Harvests 8M Users' AI Chatbot Data

A popular browser extension that acts as a VPN to protect users' privacy is actually harvesting and facilitating the sale of data from conversations with AI chatbot assistants. While versions previous ...
Hosted on MSN

Chrome extension disguised as AI assistant expose 10K+ users OpenAI API keys

A Chrome browser extension posing as an artificial intelligence assistant is siphoning OpenAI credentials from more than 10,000 users and sending them to third-party servers. Cybersecurity platform ...