NextBigFuture

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals ...

Google Chrome at risk from shape-shifting browser extensions — how to stay safe

Just like malicious apps on your smartphone, malicious browser extensions can put your devices and the sensitive data stored ...
The Register on MSN

30+ Chrome extensions disguised as AI chatbots steal users' API keys, emails, other sensitive data

Are you a good bot or a bad bot? More than 30 malicious Chrome extensions installed by at least 260,000 users purport to be ...
Ars Technica

Browser extensions turn nearly 1 million browsers into website-scraping bots

Extensions installed on almost 1 million devices have been overriding key security protections to turn browsers into engines that scrape websites on behalf of a paid service, a researcher said. The ...
Dark Reading

ChatGPT Browser Extension Hijacks Facebook Business Accounts

A threat actor may have compromised thousands of Facebook accounts — including business accounts — via a sophisticated fake Chrome ChatGPT browser extension which, until earlier this week, was ...
Bleeping Computer

Microsoft overhauls security for publishing Edge extensions

Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. When first ...
Bleeping Computer

Google: Manifest V2 Chrome extensions to stop working in 2023

Google has shared the phase-out timeline for Manifest V2 Chrome extensions and its plans to bring Manifest V3 to full feature parity. Extension capabilities are restricted using a mechanism called ...