The Hacker News

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft and system compromise.
Hosted on MSN

Chrome extension disguised as AI assistant expose 10K+ users OpenAI API keys

A Chrome browser extension posing as an artificial intelligence assistant is siphoning OpenAI credentials from more than 10,000 users and sending them to third-party servers. Cybersecurity platform ...
Morningstar

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

PALO ALTO, Calif., Nov. 19, 2025 /PRNewswire/ -- SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full ...

This critical Chrome browser vulnerability lets malicious extensions spy on your PC

This critical Chrome browser vulnerability lets malicious extensions spy on your PC ...