QuickLens - Search Screen with Google Lens hit by network compromise
Incident
Summary
Hide ▲
Show ▼
The QuickLens - Search Screen with Google Lens Chrome extension was compromised and used to push malware to about 7,000 users, creating risk of credential theft and wallet theft. The malicious version 5.8 update landed on February 17, 2026 and the extension was later removed from the Chrome Web Store. Google also disabled the extension for affected users.
Related Happenings
Search for perplexity ai malicious Chrome extension
Malware Activity
H score29
First: 29.06.2026 21:40
Last: 29.06.2026 21:40
Sources 1
About this happening:
A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...
Search for perplexity ai malicious Chrome extension
Malware ActivityAbout this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...
Google Chrome 149 security update
Security Patch Release
H score28
First: 12.06.2026 12:27
Last: 12.06.2026 12:27
Sources 1
About this happening:
Google rolled out **Chrome 149** for **Windows, macOS, and Linux**, resolving **28 critical and high-severity vulnerabilities**. The update reduces risk from browser compromise, m...
Google Chrome 149 security update
Security Patch ReleaseAbout this happening: Google rolled out **Chrome 149** for **Windows, macOS, and Linux**, resolving **28 critical and high-severity vulnerabilities**. The update reduces risk from browser compromise, m...
Chrome V8 JavaScript engine out-of-bounds read/write zero-day exploited in the wild (CVE-2026-11645)
Vulnerability
H score45
First: 09.06.2026 09:56
Last: 09.06.2026 09:56
Sources 1
About this happening:
**Google** has patched **CVE-2026-11645**, a **Chrome V8 JavaScript engine** zero-day that was **exploited in the wild** and could let remote attackers run code inside the browser...
Chrome V8 JavaScript engine out-of-bounds read/write zero-day exploited in the wild (CVE-2026-11645)
VulnerabilityAbout this happening: **Google** has patched **CVE-2026-11645**, a **Chrome V8 JavaScript engine** zero-day that was **exploited in the wild** and could let remote attackers run code inside the browser...
Google overhauls Android and Chrome bug bounty programs
Commercial Activity
H score0
First: 05.05.2026 14:24
Last: 05.05.2026 14:24
Sources 1
About this happening:
**Google** overhauls its **Android and Chrome** vulnerability rewards programs, reshaping payout tiers for **exploit research** and raising top rewards to **$1.5 million**. The ch...
Google overhauls Android and Chrome bug bounty programs
Commercial ActivityAbout this happening: **Google** overhauls its **Android and Chrome** vulnerability rewards programs, reshaping payout tiers for **exploit research** and raising top rewards to **$1.5 million**. The ch...
Chrome Web Store malicious extensions coordinated campaign using shared C2
Campaign
H score38
First: 14.04.2026 23:33
Last: 14.04.2026 23:33
Sources 1
About this happening:
A coordinated **Chrome Web Store** extension operation is stealing **Google OAuth2 Bearer tokens**, deploying **backdoors**, and running **ad fraud** across more than **100 malici...
Chrome Web Store malicious extensions coordinated campaign using shared C2
CampaignAbout this happening: A coordinated **Chrome Web Store** extension operation is stealing **Google OAuth2 Bearer tokens**, deploying **backdoors**, and running **ad fraud** across more than **100 malici...
Timeline
-
28.02.2026 21:18 1 articles · 4mo ago
QuickLens ownership shifts to LLC Quick Lens
Campaign Scope UpdateQuickLens - Search Screen with Google Lens changed ownership to [email protected] under LLC Quick Lens, and a new privacy policy appeared on a barely functional domain.
Show sources
- QuickLens Chrome extension steals crypto, shows ClickFix attack — www.bleepingcomputer.com — 28.02.2026 21:18
-
28.02.2026 21:18 2 articles · 4mo ago
QuickLens version 5.8 adds malicious ClickFix and theft payloads
Technical Analysis UpdateOn February 17, 2026, version 5.8 of QuickLens - Search Screen with Google Lens was released with malicious scripts that introduced ClickFix prompts and info-stealing behavior, requested declarativeNetRequestWithHostAccess and webRequest, stripped CSP, X-Frame-Options, and X-XSS-Protection, polled api.extensionanalyticspro[.]top for instructions, and delivered payloads that targeted crypto wallets, credentials, Gmail inbox contents, Facebook Business Manager data, and YouTube channel information.
Show sources
- QuickLens Chrome extension steals crypto, shows ClickFix attack — www.bleepingcomputer.com — 28.02.2026 21:18
- Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft — thehackernews.com — 09.03.2026 12:28
-
28.02.2026 21:18 1 articles · 4mo ago
QuickLens compromise becomes public and the extension is removed
Initial DisclosurePublic reporting on February 28, 2026 highlighted fake Google Update alerts on visited pages, and Google removed QuickLens - Search Screen with Google Lens from the Chrome Web Store so Chrome automatically disabled it for affected users.
Show sources
- QuickLens Chrome extension steals crypto, shows ClickFix attack — www.bleepingcomputer.com — 28.02.2026 21:18