SquareX has unveiled a concerning attack technique that enables malicious browser extensions to hijack both browsers and devices. Researchers revealed that attackers can exploit the read/write permissions commonly granted to many extensions, even those recognized as productivity tools. This method requires minimal user interaction and raises alarm regarding the overall security of browser extensions, as these are not typically subjected to thorough security checks when submitted to the Chrome Store. The implications indicate a significant underestimation of the vulnerability posed by extensions.
"SquareX researchers demonstrated how attackers can use malicious extensions to escalate privileges to conduct a full browser and device takeover, all with minimal user interaction."
"This revelation suggests that virtually any browser extension could potentially serve as an attack vector if created or taken over by an attacker."
Collection
[
|
...
]