Advertisement

Malicious Perplexity Chrome Extension Intercepts User Data
A malicious Chrome extension impersonating Perplexity AI intercepted user search queries and address bar inputs, routing them via attacker infrastructure, posing a

Microsoft Pulls 119 Malicious StegoAd Edge Extensions
Microsoft removes 119 Edge extensions linked to the StegoAd campaign, which used steganography in images and fonts to steal credentials and commit ad fraud.

"Adblock for YouTube" Extension: Dormant Script Injection Threat
A popular Chrome ad blocker, "Adblock for YouTube," with over 10 million installs, contains a dormant capability for arbitrary JavaScript injection, posing a significant
Chrome 149 Update Patches 18 High-Severity UAF Vulnerabilities
Google releases Chrome 149 to address 18 severe vulnerabilities, including multiple use-after-free defects in Graphics, Dawn, and Mojo components.
Chrome 149 Update Patches 28 Vulnerabilities — Mitigation Guide
Google addresses 28 security flaws in Chrome 149, including critical use-after-free bugs. Learn about technical impacts and enterprise patching requirements.
Google Patches CVE-2026-11645: 5th Chrome Zero-Day Exploited in 2026
Google addresses CVE-2026-11645, a critical zero-day vulnerability in Chrome being actively exploited. Learn about patch guidance and detection strategies.
2026 Verizon DBIR Analysis: Securing the Browser Against Phishing
The 2026 Verizon DBIR identifies browser-layer security gaps as a primary threat vector, highlighting risks from phishing, shadow AI, and malicious extensions.
Chromium RCE Risk: Unfixed Flaw Allows Background JavaScript
Google accidentally exposed details of an unfixed Chromium flaw. This enables RCE via persistent background JavaScript execution, affecting many browsers.
Google Chrome Zero-Day Patch: Fourth In-the-Wild Exploit
Google has released an urgent security update for Chrome, patching the fourth zero-day vulnerability actively exploited in 2024. Update now to protect against

DeepLoad Malware Leverages ClickFix, WMI for Browser Credential Theft
DeepLoad malware leverages ClickFix social engineering and WMI for persistence to steal browser credentials, employing AI-assisted obfuscation for evasion.
Enterprise Browser Security: Emerging Blind Spots & AI Web Tool Risks
Keep Aware's 2026 report reveals critical enterprise browser security gaps, citing AI web tool use, phishing, and extensions as major blind spots for defenders.

CVE-2026-0628: Chrome Gemini Panel Exploit Enables Privilege Escalation
A high-severity flaw in Google Chrome's Gemini side panel allowed malicious extensions to bypass security policies and access local files on target systems.