LayerX Security
-
30 fake AI Chrome extensions with 300,000 installs steal credentials and email content
Thirty malicious Chrome extensions with more than 300,000 installs posed as AI assistants to steal credentials, Gmail content, and voice transcripts according to a technical analysis by LayerX. Users should remove suspicious extensions and reset passwords if compromised.
-
Report: Claude Desktop Extensions run unsandboxed, enabling zero-click RCE
A LayerX Security technical analysis found Claude Desktop Extensions run unsandboxed with full system privileges, enabling zero-click remote code execution via a malicious Google Calendar entry when MCP permissions are granted.
