The Hacker News

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Experts uncovered malicious Chrome extensions that replace affiliate links, exfiltrate data, and steal ChatGPT authentication tokens from users.
SecurityWeek

Chrome, Edge Extensions Caught Stealing ChatGPT Sessions

LayerX discovered 16 extensions in the Chrome Web Store and Microsoft Edge Add-ons marketplace that steal users’ ChatGPT ...
Forbes

Google Chrome 2FA Bypass Attacks Confirmed—Millions Of Users At Risk

This Google Chrome browser extension attack compromised authentication cookies. Update, Dec. 31, 2024: This story, originally published Dec. 29 now includes an explanation of how 2FA bypass session ...
The Hacker News

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Five fake Chrome extensions impersonate Workday and NetSuite to steal cookies, block admin controls, and hijack sessions for account takeover.

Credential-stealing Chrome extensions target enterprise HR platforms

Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP ...
CSO Online

Five Chrome extensions caught hijacking enterprise sessions

Malicious Chrome extensions posing as productivity tools were found stealing session tokens, blocking security controls, and ...
Forbes

Google Chrome Attack Alert—Full List Of Hacked Extensions Published

Update, Jan. 4, 2025: This story, originally published Jan. 2, now includes a link to details of all the known Chrome extensions to have been targeted by the hackers. As I reported at the end of ...