Find notable cyber news and cases, enriched with sources, timelines, and signals.

QuickLens - Search Screen with Google Lens hit by network compromise

Incident
First reported
Last updated
Happening score
H score 57
2 unique sources, 2 articles

Summary

Hide ▲

The QuickLens - Search Screen with Google Lens Chrome extension was compromised and used to push malware to about 7,000 users, creating risk of credential theft and wallet theft. The malicious version 5.8 update landed on February 17, 2026 and the extension was later removed from the Chrome Web Store. Google also disabled the extension for affected users.

Related Happenings

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

Google Chrome 149 security update

Security Patch Release
H score28 First: 12.06.2026 12:27 Last: 12.06.2026 12:27 Sources 1

About this happening: Google rolled out **Chrome 149** for **Windows, macOS, and Linux**, resolving **28 critical and high-severity vulnerabilities**. The update reduces risk from browser compromise, m...

Chrome V8 JavaScript engine out-of-bounds read/write zero-day exploited in the wild (CVE-2026-11645)

Vulnerability
H score45 First: 09.06.2026 09:56 Last: 09.06.2026 09:56 Sources 1

About this happening: **Google** has patched **CVE-2026-11645**, a **Chrome V8 JavaScript engine** zero-day that was **exploited in the wild** and could let remote attackers run code inside the browser...

Google overhauls Android and Chrome bug bounty programs

Commercial Activity
H score0 First: 05.05.2026 14:24 Last: 05.05.2026 14:24 Sources 1

About this happening: **Google** overhauls its **Android and Chrome** vulnerability rewards programs, reshaping payout tiers for **exploit research** and raising top rewards to **$1.5 million**. The ch...

Chrome Web Store malicious extensions coordinated campaign using shared C2

Campaign
H score38 First: 14.04.2026 23:33 Last: 14.04.2026 23:33 Sources 1

About this happening: A coordinated **Chrome Web Store** extension operation is stealing **Google OAuth2 Bearer tokens**, deploying **backdoors**, and running **ad fraud** across more than **100 malici...

Timeline

  1. 28.02.2026 21:18 2 articles · 4mo ago

    QuickLens version 5.8 adds malicious ClickFix and theft payloads

    Technical Analysis Update

    On February 17, 2026, version 5.8 of QuickLens - Search Screen with Google Lens was released with malicious scripts that introduced ClickFix prompts and info-stealing behavior, requested declarativeNetRequestWithHostAccess and webRequest, stripped CSP, X-Frame-Options, and X-XSS-Protection, polled api.extensionanalyticspro[.]top for instructions, and delivered payloads that targeted crypto wallets, credentials, Gmail inbox contents, Facebook Business Manager data, and YouTube channel information.

    Show sources
  2. 28.02.2026 21:18 1 articles · 4mo ago

    QuickLens compromise becomes public and the extension is removed

    Initial Disclosure

    Public reporting on February 28, 2026 highlighted fake Google Update alerts on visited pages, and Google removed QuickLens - Search Screen with Google Lens from the Chrome Web Store so Chrome automatically disabled it for affected users.

    Show sources