Browser extension risk reduction guidance for credential theft and SaaS compromise
Defensive Guidance
Summary
Hide ▲
Show ▼
A new browser-extension hardening playbook recommends allow lists, permission audits, monitoring, and staged updates to cut credential theft and SaaS compromise risk. It treats browser add-ons as part of the organization's identity and cloud attack surface, not just endpoint software. The guidance matters because silent extension updates can turn a trusted add-on into a stealthy access path without users noticing.
Related Happenings
Silent Swap browser-extension clipboard clipper
Malware Activity
H score36
First: 30.06.2026 18:40
Last: 30.06.2026 18:40
Sources 1
About this happening:
The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...
Silent Swap browser-extension clipboard clipper
Malware ActivityAbout this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...
Search for perplexity ai malicious Chrome extension
Malware Activity
H score29
First: 29.06.2026 21:40
Last: 29.06.2026 21:40
Sources 1
About this happening:
A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...
Search for perplexity ai malicious Chrome extension
Malware ActivityAbout this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...
StegoAd malicious Edge extension operation
Malware Activity
H score19
First: 29.06.2026 11:32
Last: 29.06.2026 11:32
Sources 1
About this happening:
The **StegoAd** operation was removed from the **Edge Add-ons store** after hiding payloads in images and fonts, stealing credentials, and driving **ad fraud** across installs tha...
StegoAd malicious Edge extension operation
Malware ActivityAbout this happening: The **StegoAd** operation was removed from the **Edge Add-ons store** after hiding payloads in images and fonts, stealing credentials, and driving **ad fraud** across installs tha...
Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension
Technical Analysis
H score23
First: 25.06.2026 17:12
Last: 25.06.2026 17:12
Sources 1
About this happening:
A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...
Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension
Technical AnalysisAbout this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...
108 Malicious Google Chrome extensions sharing a C2 backend
Malware Activity
H score11
First: 14.04.2026 11:35
Last: 14.04.2026 11:35
Sources 1
About this happening:
**108 malicious Google Chrome extensions** were found to use the same **C2 infrastructure** to steal credentials, sessions, and browsing data while injecting ads and arbitrary Jav...
108 Malicious Google Chrome extensions sharing a C2 backend
Malware ActivityAbout this happening: **108 malicious Google Chrome extensions** were found to use the same **C2 infrastructure** to steal credentials, sessions, and browsing data while injecting ads and arbitrary Jav...
Timeline
-
15.12.2025 13:55 2 articles · 6mo ago
Browser-extension hardening guidance after ShadyPanda disclosure
Technical Analysis UpdateSecurity guidance dated December 15, 2025 recommends enforcing browser extension allow lists, auditing permissions on a recurring schedule, monitoring installs and silent updates, and staging extension rollouts to reduce the risk that trusted Chrome and Edge browser extensions are turned into spyware or backdoor tools that steal session cookies, tokens, credentials, and SaaS access.
Show sources
- A Browser Extension Risk Guide After the ShadyPanda Campaign — thehackernews.com — 15.12.2025 13:55
- A Browser Extension Risk Guide After the ShadyPanda Campaign — thehackernews.com — 15.12.2025 13:55