During the presentation, SquareX's research team highlighted the alarming capabilities of malicious extensions built on Manifest V3, which include stealing sensitive data without user permission.
The alarming findings reveal that rogue extensions can perform actions such as adding collaborators to private GitHub repositories and redirecting users to compromised login pages, illustrating significant security flaws.
Despite efforts to improve security with MV3, these extensions still replicate many vulnerabilities of their predecessors, enabling lax safety defenses and allowing easy exploitation by attackers.
Over 280 million malicious Chrome extensions have been installed in recent years, underscoring the persistent threat posed by these rogue browser tools and Google's struggle to mitigate it.
Collection
[
|
...
]