Chromium Browsers on Windows Vulnerable to Arbitrary Extensions Installation

A critical security vulnerability has been discovered in Chromium-based browsers on Windows platforms, allowing attackers to install arbitrary extensions without user consent. This flaw could be exploited to inject malicious extensions that compromise user privacy, steal sensitive data, or perform unauthorized actions within the browser environment. The vulnerability stems from improper validation in the extension installation process, enabling attackers to bypass security restrictions. Users of popular Chromium browsers such as Google Chrome, Microsoft Edge, and others are urged to update to the latest versions where patches have been applied. Cybersecurity experts emphasize the importance of timely updates and cautious extension management to mitigate risks. This incident highlights ongoing challenges in browser security and the need for robust defenses against extension-based attacks. Organizations should review their endpoint protection strategies and educate users about the dangers of untrusted browser extensions. The vulnerability has been assigned a CVE identifier and is under active monitoring by security researchers and vendors. Staying informed and proactive is essential to protect against exploitation attempts leveraging this weakness in Chromium browsers on Windows.

This news item was published on cybersecuritynews.com. Publication date: Wed, 24 Sep 2025 13:18:03 +0000


Cyber News related to Chromium Browsers on Windows Vulnerable to Arbitrary Extensions Installation

Over 6 Million Chrome Extensions Can Execute Remote Commands on Users’ Browsers - A major security incident has come to light involving more than six million installations of Chrome browser extensions that secretly execute remote commands, track user activity, and potentially expose sensitive information. John Tuckner of secure ...
8 months ago Cybersecuritynews.com
Fake VPN Chrome extensions force-installed 1.5 million times - Three malicious Chrome extensions posing as VPNs were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. According to ReasonLabs, which discovered the malicious extensions, they are spread via ...
2 years ago Bleepingcomputer.com
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug: The latest zero-day, which Google is tracking ...
2 years ago Darkreading.com CVE-2023-6345 CVE-2023-4863 CVE-2023-5217 CVE-2023-28205 CVE-2023-32409 CVE-2023-28204 CVE-2023-32373
Malicious Chrome VPN Extensions Installed 1.5M Times Browsers - In a recent cybersecurity revelation, a highly sophisticated cyber attack campaign has emerged, weaving a web of deceit through malicious web extensions cunningly disguised as VPNs. ReasonLabs, a cybersecurity firm, has discovered online piracy ...
1 year ago Cybersecuritynews.com
The zero-day that could've compromised every Cursor and Windsurf user - In a recent post Yomtom explains that while examining the build process behind OpenVSX, the open-source marketplace powering extensions for tools like Cursor, Windsurf, VSCodium, and others, he discovered a critical flaw. Dubbed VSXPloit: A single ...
5 months ago Bleepingcomputer.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
2 years ago Techrepublic.com
Google Takes Down Over 50,000 Instances of Malicious Chrome Extensions - Google recently took down over 50,000 Chrome browser extensions after discovering that they were involved in malicious activity. The malicious activity included advertising click fraud, downloading malware, and displaying adware. According to Google, ...
2 years ago Thehackernews.com
Fake Madgicx Plus and SocialMetrics Pro Chrome Extensions Found Stealing Facebook Credentials - Cybersecurity researchers have uncovered a new phishing campaign involving fake Chrome extensions named Madgicx Plus and SocialMetrics Pro. These malicious extensions are designed to steal Facebook credentials from unsuspecting users by mimicking ...
3 months ago Thehackernews.com
Developers Beware of Malicious VS Code Extension Apps With Millions of Installations - Cybersecurity researchers have uncovered a disturbing campaign targeting software developers through malicious Visual Studio Code extensions that have collectively amassed millions of installations. These compromised extensions, masquerading as ...
8 months ago Cybersecuritynews.com
CISA Warns of Google Chrome Zero-day Vulnerability Exploited in the Wild - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical zero-day vulnerability in Google Chrome that is actively being exploited in the wild. The vulnerability, identified as CVE-2025-2783, ...
8 months ago Cybersecuritynews.com CVE-2025-2783
Malicious Chrome extensions with 1.7M installs found on Web Store - Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. According to the researchers, most of the malicious functionality ...
5 months ago Bleepingcomputer.com
Malicious Chrome extensions with 1.7M installs found on Web Store - Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. According to the researchers, the malicious functionality is ...
5 months ago Bleepingcomputer.com
VSCode extensions found downloading early-stage ransomware - It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) and February 17, 2025 (ahban.shiba), bypassing safety review processes and remaining on Microsoft's store for an extensive ...
9 months ago Bleepingcomputer.com
Chrome extensions with 6 million installs have hidden tracking code - While Tuckner didn't catch any extensions stealing user passwords or cookies, the excessively risky capabilities, heavily obfuscated code, and hidden logic were enough for the researcher to label them as risky and, potentially, spyware. A set of 57 ...
8 months ago Bleepingcomputer.com
Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals - A new 2025 Enterprise Browser Extension Security Report, uniquely combining data from public extension marketplaces and real-world enterprise usage telemetry to spotlight this underestimated threat vector. Extensive Permissions to Sensitive ...
7 months ago Bleepingcomputer.com
Threat Actors May Abuse VS Code Extensions to Deliver Malware - Visual Studio Code (VS Code) extensions have become a popular tool for developers to enhance their coding environment. However, recent cybersecurity research highlights a growing threat where malicious actors exploit these extensions to deliver ...
1 month ago Cybersecuritynews.com
Malicious VSCode extensions infect Windows with cryptominers - Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero. If you have installed any of the nine extensions mentioned in the ...
8 months ago Bleepingcomputer.com
131 Malicious Extensions Targeting WhatsApp Users Discovered - A recent cybersecurity investigation has uncovered 131 malicious browser extensions specifically targeting WhatsApp users. These extensions, disguised as useful tools, actually serve as conduits for data theft, unauthorized access, and spreading ...
2 months ago Cybersecuritynews.com
Google Chrome disables uBlock Origin for some in Manifest v3 rollout - Google continues its rollout of gradually disabling uBlock Origin and other Manifest V2-based extensions in the Chrome web browser as part of its efforts to push users to Manifest V3-based extensions. For those who need more time, Google will let the ...
10 months ago Bleepingcomputer.com
8 New Malicious Firefox Extensions Steal OAuth Tokens, Passwords, and Spy on Users - Security researchers from the Socket Threat Research Team have uncovered a sophisticated network of eight malicious Firefox browser extensions that actively steal OAuth tokens, passwords, and spy on users through deceptive tactics. The investigation ...
5 months ago Cybersecuritynews.com
VSCode extensions with 9 million installs pulled over security risks - Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code. One of the researchers, Amit Assaraf, says ...
9 months ago Bleepingcomputer.com
Hackers Deliver Malware via Browser Extensions & Legitimate Tools to Bypass Security Controls - Quick Assist, a preinstalled Windows application designed for remote troubleshooting, requires victims to share a six-digit verification code with attackers posing as IT support personnel. Over the past six months, threat actors have refined ...
8 months ago Cybersecuritynews.com
Firefox continues Manifest V2 support as Chrome disables MV2 ad-blockers - Firefox has not stated how long this support will continue, but as long as there are powerful add-ons enhancing user privacy and security, Mozilla should continue to have strong reasons to extend support for Manifest V2. The latest announcement ...
9 months ago Bleepingcomputer.com
New Credit Card Skimming Attack Leverages Chrome, Edge, & Firefox Extensions to Steal Financial Data - The careful design of this attack chain enables persistent access without requiring elevated privileges, allowing the attackers to maintain long-term access to victims’ browsers and financial information. When payment details are detected, the ...
8 months ago Cybersecuritynews.com