CyberSecurityBoard
Sponsor Register Login

New Polymorphic Attack That Mimic Any Chrome Extension Installed On The Browser

This newly discovered “polymorphic extension attack” creates pixel-perfect replicas of legitimate extensions’ icons, HTML popups, and workflows, making it nearly impossible for users to distinguish them from authentic extensions. SquareX’s research team has recently uncovered a sophisticated browser attack technique that allows malicious extensions to impersonate any extension installed on a victim’s browser. The attack even temporarily disables the legitimate extension, creating a seamless deception that tricks users into providing sensitive credentials to what they believe is their trusted tool. When users click on what appears to be their password manager, they’re actually interacting with the malicious extension, which captures their master credentials and secret keys before seamlessly returning control to the legitimate extension. When a target is identified, such as when a user visits a login page, the polymorphic extension temporarily disables the legitimate extension using Chrome’s API capabilities, then visually transforms its icon and interface to match the target. This attack is particularly concerning as it exploits legitimate Chrome functionality and uses permissions classified as medium risk, making it difficult to detect through standard security measures. The APIs used – activeTab, scripting, and chrome.management – are commonly used by legitimate extensions, allowing the malicious code to blend in with normal browser operations. After installation, the extension functions as promised to avoid raising suspicion while monitoring for high-value target extensions on the user’s browser. The attack exploits the human tendency to rely on visual cues for verification, particularly the extension icons on the pinned tab bar. What makes this attack particularly dangerous is that it targets high-value extensions such as password managers, cryptocurrency wallets, banking applications, and productivity tools. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. However, the polymorphic extension can silently replace these visual indicators at precisely timed moments, creating a perfect illusion that leads to credential theft. When users interact with these icons, they assume they’re engaging with legitimate extensions. For example, if a password manager is compromised, attackers obtain access to the victim’s entire credential vault, enabling them to access any associated service or account.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 10 Mar 2025 09:10:11 +0000


Cyber News related to New Polymorphic Attack That Mimic Any Chrome Extension Installed On The Browser

New Polymorphic Attack That Mimic Any Chrome Extension Installed On The Browser - This newly discovered “polymorphic extension attack” creates pixel-perfect replicas of legitimate extensions’ icons, HTML popups, and workflows, making it nearly impossible for users to distinguish them from authentic extensions. ...
5 months ago Cybersecuritynews.com
Malicious Chrome extensions can spoof password managers in new attack - In SquareX's demonstration, the attackers impersonate the 1Password password manager extension by first disabling the legitimate one using the 'chrome.management' API, or if the permissions aren't available, user interface manipulation tactics to ...
5 months ago Bleepingcomputer.com
SquareX Unveils Polymorphic Extensions that Morph Infostealers into Any Browser Extension - Password Managers, Wallets at Risk - In addition to the polymorphic attack, SquareX was also the first to discover and disclose multiple extension-based attacks, including Browser Syncjacking, the Chrome Store consent phishing attack leading to Cyberhaven’s breach and numerous other ...
5 months ago Cybersecuritynews.com
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
1 year ago Darkreading.com CVE-2024-0519 CVE-2024-0517 CVE-2024-0518 Hunters
Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
1 year ago Security.googleblog.com
New Mimic Ransomware Abuses Windows Search Tool to Attack Victims - A new ransomware threat has been discovered that abuses the Windows Search Tool to locate and encrypt sensitive data. Dubbed Mimic, the ransomware was identified by malware researchers at Force Point Security Defense. Mimic encrypts a victim’s ...
2 years ago Bleepingcomputer.com
SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are - SquareX’s research reveals that Browser AI Agents are more likely tofall prey to cyberattacks than employees, making them the new weakest link that enterprisesecurity teams need to look out for. Moreimportantly, employees using Browser AI Agents ...
1 month ago Cybersecuritynews.com
OpenAI is to Launch a AI Web Browser in Coming Weeks - The new browser will feature integrated AI agent capabilities designed to autonomously handle various online tasks, positioning OpenAI as a direct competitor to traditional browser giants like Google Chrome while advancing the company’s vision ...
4 weeks ago Cybersecuritynews.com
Google Chrome change that weakens ad blockers begins June 3rd - Google is continuing with its plan to phase out Manifest V2 extensions in Chrome starting in early June 2024, weakening the abilities of ad blockers. Google says this decision was made based on the community's progress and feedback, which were deemed ...
1 year ago Bleepingcomputer.com
SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions - Titled “Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out”, the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data ...
3 months ago Cybersecuritynews.com
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
1 year ago Darkreading.com CVE-2023-6345 CVE-2023-4863 CVE-2023-5217 CVE-2023-28205 CVE-2023-32409 CVE-2023-28204 CVE-2023-32373
Rilide Malware as Browser Extension Attacking Chrome & Edge Users to Steal Login Credentials - The malware leverages browser extension capabilities to seamlessly integrate with the victim’s browsing experience, making detection particularly challenging for conventional security solutions. A sophisticated malware strain dubbed ...
4 months ago Cybersecuritynews.com
Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension - Meanwhile, background.js functions as an intermediary to bypass browser security policies, transmitting the stolen data from content.js to the command-and-control (C2) server. The emergence of a highly obfuscated .NET-based Remote Access Trojan (RAT) ...
5 months ago Cybersecuritynews.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
2 years ago Trendmicro.com
SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk - As browsers become the new endpoint, it is crucial for enterprises to reconsider their browser security strategy – just as EDRs were critical to defend against file-based ransomware, a browser-native solution with a deep understanding of ...
4 months ago Cybersecuritynews.com
New Phishing Attack Using Browser-In-The-Browser Technique To Attack Gamers - This attack method creates a convincing fake browser pop-up window that tricks users into entering their Steam credentials, allowing cybercriminals to steal valuable gaming accounts and virtual items. Silent Push researchers noted this attack in ...
4 months ago Cybersecuritynews.com
New Mimic Ransomware Uses Windows Search Engine to Find and Encrypt Files - Cybersecurity researchers have uncovered a new strain of ransomware called Mimic, which uses Everything API, a Windows search engine, to search for files to encrypt. Mimic is a sophisticated malware that can eliminate shadow copies, shut down various ...
2 years ago Heimdalsecurity.com
Weaponized Chrome Extension Affects 1.7 Million Users Despite Google's Verified Badges - The “Malicious11” campaign, discovered by cybersecurity researchers at Koi Security, represents one of the largest browser hijacking operations ever documented, exploiting the very trust signals users rely on to identify safe extensions. ...
1 month ago Cybersecuritynews.com
The Browser Blind Spot: Why Your Browser is the Next Cybersecurity Battleground - Security teams must integrate browser detection & response capabilities into their enterprise security stack to gain real-time visibility, detect browser-native threats, and protect people where they work. Just as EDR transformed endpoint ...
5 months ago Bleepingcomputer.com
Chrome New Safety Check Feature Checks for Hacked Passwords - Google Chrome, the leading browser, has recently launched a new safety check feature that can help users save their tab groups and optimize memory usage. With this new feature, users can now ensure that their browser is running smoothly and ...
1 year ago Cybersecuritynews.com
OpenAIS ChatGPT is a Polymorphic Malware: How to Protect Yourself - Internet security is an important concern in the modern digital age. With the emergence of new threats such as ransomware, Trojans, and sophisticated variants of Polymorphic Malware, it is essential that users take the necessary steps to protect ...
2 years ago Hackread.com
CVE-2024-34714 - The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem. Due to an oversight during a change made to the extension in the commit ...
1 year ago Tenable.com
Google Chrome adds new AI features to boost productivity and creativity - Google's popular web browser, Chrome, is getting a makeover with the latest release of Chrome M121, which introduces three new generative AI features that aim to make browsing easier, more efficient and more personalized. The new features, which are ...
1 year ago Venturebeat.com
Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals - A new 2025 Enterprise Browser Extension Security Report, uniquely combining data from public extension marketplaces and real-world enterprise usage telemetry to spotlight this underestimated threat vector. Extensive Permissions to Sensitive ...
2 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)