33 Malicious Chrome Extensions Stole Data From 2.6 Million Devices
2025-01-03
Researchers discovered at least 33 Chrome extensions secretly siphoning sensitive data, including browser cookies and login credentials for Facebook and ChatGPT, from roughly 2.6 million devices over the past 18 months. Attackers used spear-phishing emails to exploit OAuth vulnerabilities and upload malicious extension versions to the Chrome Web Store. The compromised extensions spanned various categories, with some malicious versions persisting for months. Users are urged to check for these malicious extensions and change passwords immediately.
Tech
malware