10
0

108 Chrome extensions caught stealing user data and hijacking sessions

18d 5h ago by piefed.world/u/beep in cybersecurity@infosec.pub from socket.dev
  • 54 extensions steal Google account identity via OAuth2;
  • 1 extension actively exfiltrates Telegram Web sessions every 15 seconds;
  • 1 extension includes staged infrastructure for Telegram session theft (not yet activated);
  • 2 extensions strip YouTube security headers and inject ads;
  • 1 extension strips TikTok security headers and injects ads;
  • 2 extensions inject content scripts into every page the user visits;
  • 1 extension proxies all translation requests through the threat actor's server;
  • 45 extensions contain a universal backdoor that opens arbitrary URLs on browser start.