Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
17 résultats taggé Chrome  ✕
Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs - Ars Technica https://arstechnica.com/security/2025/04/researcher-uncovers-dozens-of-sketchy-chrome-extensions-with-4-million-installs/
13/04/2025 10:52:05
QRCode
archive.org
thumbnail

Even weirder: Why would Google give so many the "Featured" stamp for trustworthiness?

Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed them and that their developers have taken pains to carefully conceal.

arstechnica EN 2025 sketchy Chrome extensions suspicious
Searching for something unknow https://secureannex.com/blog/searching-for-something-unknow/
13/04/2025 10:51:44
QRCode
archive.org
thumbnail

After the release of the Secure Annex ‘Monitor’ feature, I wanted to help evaluate a list of extensions an organization I was working with had configured for monitoring. Notifications when new changes occur is great, but in security, baselines are everything!

To cut down a list of 132 extensions in use, I identified a couple extensions that stuck out because they were ‘unlisted’ in the Chrome Web Store. Unlisted extensions are not indexed by search engines and do not show up when searching the Chrome Web Store. The only way to access the extension is by knowing the URL.

secureannex EN 2025 suspicious extensions Chrome analysis research
Targeted supply chain attack against Chrome browser extensions https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/
24/01/2025 09:22:51
QRCode
archive.org
thumbnail

In this blog post, learn about the supply chain attack targeting Chrome browser extensions and the associated targeted phishing campaign.

sekoia EN 2025 supply chain attack Chrome extensions
Malicious extensions circumvent Google’s remote code ban https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
21/01/2025 09:30:06
QRCode
archive.org
thumbnail

This blog post looks into how 62 malicious extensions circumvent Google’s restrictions of remote code execution in extensions. One group of extensions is associated with the company Phoenix Invicta, another with Technosense Media. The largest group around Sweet VPN hasn’t been attributed yet.

palant EN 2025 palant malicious extensions Google Chrome
Cyber firm's Chrome extension hijacked to steal user passwords https://techcrunch.com/2024/12/27/cyberhaven-says-it-was-hacked-to-publish-a-malicious-update-to-its-chrome-extension/
28/12/2024 11:48:00
QRCode
archive.org
thumbnail

The data-loss startup says it was targeted as part of a "wider campaign to target Chrome extension developers."

techcrunch EN 2024 Chrome extension hijacked Cyberhaven
Qilin ransomware caught stealing credentials stored in Google Chrome https://news.sophos.com/en-us/2024/08/22/qilin-ransomware-caught-stealing-credentials-stored-in-google-chrome/
23/08/2024 10:31:13
QRCode
archive.org
thumbnail

Familiar ransomware develops an appetite for passwords to third-party sites

sophos EN 2024 ransomware Qilin Chrome passwords
Google Chrome gets real-time phishing protection later this month https://www.bleepingcomputer.com/news/google/google-chrome-gets-real-time-phishing-protection-later-this-month/amp/
14/03/2024 23:32:00
QRCode
archive.org
thumbnail

Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy.

The company launched Safe Browsing in 2005 to defend users against web phishing attacks and has since upgraded it to block malicious domains that push malware, unwanted software, and various social engineering schemes.

bleepingcomputer EN 2024 solution Browsing Phishing Enhanced Chrome Google Safe Privacy Safe-Browsing browser
FakeUpdateRU Chrome Update Infection Spreads Trojan Malware https://blog.sucuri.net/2023/10/fakeupdateru-chrome-update-infection-spreads-trojan-malware.html
30/10/2023 19:07:05
QRCode
archive.org
thumbnail

Learn about the fake Google Chrome update malware, a common form of website malware that tricks users into downloading a remote access trojan disguised as a browser update. Understand how it works, its impact on websites, and how to protect your site from such threats. Stay updated on the latest malware trends with Sucuri.

sucuri EN 2023 Google Chrome update malware fake analysis
How malicious extensions hide running arbitrary code https://palant.info/2023/06/02/how-malicious-extensions-hide-running-arbitrary-code
05/06/2023 21:50:41
QRCode
archive.org
thumbnail

Eight malicious extensions still remain in Chrome Web Store. These use some interesting tricks to keep running arbitrary code despite restrictions of Manifest V3.

palant EN 2023 Chrome Web Store extensions malicious
Google Chrome emergency update fixes first zero-day of 2023 https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-first-zero-day-of-2023/
16/04/2023 23:40:34
QRCode
archive.org
thumbnail

Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year.

bleepingcomputer EN 2023 0-day vulnerability Emergency-Update Chrome Browser Zero-Day
Over 2 million users Affected with Browser Hijackers https://blog.cyble.com/2022/11/22/over-2-million-users-affected-with-browser-hijackers/
22/11/2022 08:53:55
QRCode
archive.org
thumbnail

Cyble Research & Intelligence Labs analyzes the recent surge in users being infected by Browser Hijackers using Chrome plugins.

cyble 2022 EN Browser Hijackers infected Chrome plugins
“Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed https://guardiosecurity.medium.com/dormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed-9a9a459b5849
24/10/2022 07:02:14
QRCode
archive.org
thumbnail

The “Dormant Colors” is yet another vast campaign of malicious extensions with millions of active installations worldwide, this time with a color-related theme and full of deception all through the chain. It starts with the trickery malvertising campaign, continues with a crafty novel way to side-load the real malicious code without anyone noticing (until now!), and finally with stealing not only your searches and browsing data, but also affiliation to 10,000 targeted sites — a capability that is easily leveraged for targeted spear phishing, account takeover and credential extraction — all using this powerful network of millions of infected computers worldwide!

guardiosecurity EN 2022 Campaign Data Stealing malicious Extensions browser Chrome Edge
Chrome & Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
20/09/2022 00:04:47
QRCode
archive.org

Some of the largest websites in the world have exposure to sending Google and Microsoft sensitive user PII, including username, email, and passwords

otto-js EN 2022 Chrome Edge Spellcheck Spell-Jacking leak
Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/
05/09/2022 10:11:08
QRCode
archive.org
thumbnail

A few months ago, we blogged about malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites. Since that time, we have investigated several other malicious extensions and discovered 5 extensions with a total install base of over 1,400,000
"...the extensions also track the user’s browsing activity."

mcafee 2022 EN malicious extensions Chrome Analysis privacy browser cookie Stuffing
Protecting Android users from 0-Day attacks https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/
22/05/2022 16:26:48
QRCode
archive.org
thumbnail

To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks.

GoogleTAG EN 2022 EN Android 0-day 0day cytrox CVE-2021-1048 chrome
Chrome Releases: Stable Channel Update for Desktop https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html?m=1
28/03/2022 12:46:45
QRCode
archive.org
thumbnail

High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Google is aware that an exploit for CVE-2022-1096 exists in the wild.

CVE-2022-1096 chrome update EN 2022
Chrome Zero-Day Under Active Attack: Patch ASAP | Threatpost https://threatpost.com/google-chrome-zero-day-under-attack/178428/
16/02/2022 20:38:31
QRCode
archive.org
thumbnail

The year's 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems.

malware threatpost EN 2022 Chrome 0-day CVE-2022-0609
4252 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio