Jul 30, 2025, 12:00 AM

Google warns of severe Chrome vulnerabilities and extension threats

Highlights
  • Google has warned 2 billion Chrome users about a critical memory vulnerability that has been addressed.
  • Malicious browser extensions are increasingly causing security threats by exfiltrating data and hijacking sessions.
  • Users must remain vigilant about the extensions they install, as many perceived as safe can pose significant risks.
Story

Recently, Google alerted users about a significant memory vulnerability affecting approximately 2 billion Chrome users worldwide. The vulnerability, designated as CVE-2025-8292, poses a high-severity risk that could allow attackers to exploit users through malicious websites they visit. In light of this, Google advised all desktop users to update their browsers to the latest version, 138.0.7204.183/.184, to mitigate these security risks. However, this fix alone may not ensure complete safety; a more insidious threat looms from potentially harmful browser extensions.

Recent reports by SquareX have highlighted a troubling trend concerning browser extensions, which are often perceived as safe due to labels such as 'Verified' or 'Chrome Featured.' Despite these assurances, many verified extensions have been compromised or developed with malicious intent. These extensions can operate with a user’s personal credentials, which makes them highly dangerous: they are able to exfiltrate sensitive information, including session cookies, and even hijack users' browser sessions. SquareX’s Vivek Ramachandran noted that security tools lack the ability to monitor the dynamic behavior of extensions at runtime, which increases the risk associated with extensions.

The rise of malicious extensions is alarming, as it reflects a broader pattern in which attackers can manipulate trusted applications to exploit unsuspecting users. A variety of extensions have already been brought to light for their malicious activities, including Geco Colorpick and Cyberhaven, which have been reported to help spread spyware. Moreover, some benign extensions may turn malicious after changes in ownership or security compromises, rendering them a significant risk factor.

In response to the evolving landscape of browser-based threats, experts are urging users to exercise caution when downloading and installing browser extensions. Awareness of the permissions granted to these extensions is vital; extensions can access web page storage, modify content, inject scripts, and even take control over web APIs. Users are encouraged to be vigilant and constantly reassess the tools they have installed, as the threat from these seemingly innocuous add-ons poses a serious risk that may go unnoticed.
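One way to reassess installed extensions is to review what each one's `manifest.json` requests. The following is an added example, not part of the original article or any vendor's tooling: the severity labels and the choice of which Chrome permissions to flag are this example's own assumptions, and the sample manifests are constructed.

```python
# Chrome manifest permissions that grant capabilities the article lists.
RISKY_PERMISSIONS = {
    "cookies": "can read cookies, including session cookies, for hosts it can access",
    "scripting": "can inject scripts into pages",
    "webRequest": "can observe requests made by the browser",
    "debugger": "can control pages through the DevTools protocol",
}
# Host match patterns that cover every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return (severity, message) findings for one parsed manifest.json."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V3 lists hosts under host_permissions; V2 mixes them into permissions.
    hosts = set(manifest.get("host_permissions", [])) | set(perms)
    broad = sorted(hosts & BROAD_HOSTS)
    findings = [("medium", f"{p}: {RISKY_PERMISSIONS[p]}")
                for p in perms if p in RISKY_PERMISSIONS]
    if broad:
        findings.append(("medium", "host access to every site via " + ", ".join(broad)))
    scripts = manifest.get("content_scripts", [])
    if any(set(s.get("matches", [])) & BROAD_HOSTS for s in scripts):
        findings.append(("medium", "content script on every site: "
                         "can read page storage and modify content"))
    if broad and "cookies" in perms:
        findings.append(("high", "cookies + all-site host access: "
                         "session cookies for any site are readable"))
    return findings


# Constructed sample manifests (not real extensions).
SAMPLES = {
    "sample-color-tool": {
        "manifest_version": 3,
        "permissions": ["cookies", "scripting", "storage"],
        "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["pick.js"]}],
    },
    "sample-notes": {"manifest_version": 3, "permissions": ["storage", "activeTab"]},
}

if __name__ == "__main__":
    for ext_id, manifest in SAMPLES.items():
        findings = audit_manifest(manifest)
        print(ext_id, "-", len(findings), "finding(s)")
        for severity, message in findings:
            print(f"  [{severity}] {message}")
```

A manifest review only shows what an extension is allowed to do; it does not show what the extension does at runtime, and it has to be repeated after updates, since requested permissions can change between versions.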
