Browser Security
-
Researchers warn of DOM-based extension clickjacking in password managers
Security researchers at DEF CON 33 revealed a DOM-based extension clickjacking flaw affecting popular password-manager browser extensions, capable of stealing credentials, 2FA codes, and more with a single click on a malicious page; Bitwarden has issued a fix, and others are in progress, with guidance to disable auto-fill until patches are deployed.
-
Over 100 Malicious Chrome Extensions Discovered Posing as Legitimate Tools
Over 100 malicious Chrome browser extensions were found masquerading as legitimate tools, enabling credential theft and unauthorized access to user data. Experts warn users to remain vigilant when downloading browser extensions.
