June 23, 2024 at 06:45AM Google claims to effectively vet Chrome extensions to catch most malicious code, though researchers argue that the risk is more substantial. There has been considerable installation of risky extensions, representing a significant problem. The authors emphasize the critical need for stronger oversight by Google to address these issues. After reviewing … Read more
March 27, 2024 at 09:09AM A security flaw in Microsoft Edge browser, CVE-2024-21388, allowed attackers to covertly install browser extensions with broad permissions via a private API, impacting version 121.0.2277.83. The bug enabled installation of malicious extensions without user consent, posing a privilege escalation threat, emphasizing the need for balancing user convenience and security. Key … Read more
March 8, 2024 at 06:44PM Millions of Chrome users can now defend against extension subversion by installing the Chrome add-on “Under New Management,” created by software developer Matt Frisbie. The add-on alerts users when installed extensions change ownership, giving them the power to make informed decisions about the software they’re using. This initiative aims to … Read more