A campaign named GhostPoster has compromised 17 Firefox add-ons, embedding malicious JavaScript to hijack affiliate links, inject tracking, and facilitate ad fraud, affecting over 50,000 downloads. The malware employs sophisticated evasion techniques, including delayed activation and random payload fetching, to monitor browsing, strip security headers, and enable remote code execution, highlighting ongoing threats from malicious browser extensions.
A popular Chrome extension called Urban VPN Proxy, with 6 million users, was found secretly collecting and exfiltrating users' AI chat prompts and responses to remote servers, despite claiming to provide VPN services and offering a privacy protection feature. The extension's update in July 2025 enabled default data harvesting, which is hidden from users, raising significant privacy concerns. Similar data collection practices were identified in other extensions from the same publisher, highlighting risks associated with trusted marketplace badges and the need for better oversight.
Brave Software has proactively disabled Windows Recall from capturing screenshots of its browser windows to protect user privacy, following concerns over sensitive data exposure. The change uses Microsoft's SetInputScope API to mark Brave windows as private, preventing Recall from indexing browsing activity. This update is already in Brave Nightly and will be available in stable releases soon, with an option for users to enable Recall if desired.
The Browser Company has stopped developing new features for the Arc browser to focus on its new AI-centric Dia browser, citing security concerns and the complexity of maintaining Arc. While Arc will still receive security updates and bug fixes, the company plans to keep it proprietary, not open-source or sold, until it is safe to do so, emphasizing a focus on security and AI integration.
A new warning highlights a significant rise in cyber threats targeting holiday shoppers, with an 89% increase in malicious websites related to Black Friday compared to last year. Major browsers like Chrome, Safari, Edge, and Firefox are affected, as cybercriminals use phishing tactics to impersonate well-known brands and trick users into providing sensitive information. Check Point advises consumers to be vigilant by checking URLs, ensuring secure connections, and avoiding unnecessary data entry to protect against these scams.
Google has agreed to delete billions of browsing records as part of a settlement in a class action lawsuit alleging that the company tracked users' internet activity without their consent while using "incognito" mode in its Chrome browser. The settlement, pending court approval, requires Google to purge private browsing data and make it less identifiable, block third-party cookies in Incognito Mode for five years, and update the language around Incognito Mode to clarify its limitations. The lawsuit revealed internal discussions within Google criticizing the mode as a "confusing mess" and a "problem of professional ethics and basic honesty." Additionally, Google has implemented new requirements for email senders to combat spam and phishing attacks in Gmail.
Google has introduced an enhanced version of Safe Browsing for Chrome users, providing real-time URL protection to prevent visits to potentially malicious sites. The new protection mode will check sites against Google's server-side list of known bad sites in real-time, aiming to block 25% more phishing attempts. This change comes as the list of harmful websites is growing rapidly, with many phishing domains existing for less than 10 minutes, making them difficult to block. The new architecture involves real-time checks using obfuscated URL hashes and a privacy server to prevent access to users' IP addresses, ensuring browsing activity remains private.
Cybersecurity researchers have discovered a remote code execution vulnerability in the Opera web browser, dubbed MyFlaw, which could allow attackers to execute any file on Windows and macOS systems by exploiting the My Flow feature. The flaw, addressed in updates on November 22, 2023, bypasses the browser's sandbox and process, posing a significant security risk. Opera has swiftly patched the issue and is working to prevent similar problems in the future, emphasizing the importance of collaboration with security experts to enhance product security.
Google Chrome is replacing the HTTPS lock icon with a "tune" icon as part of its Material You redesign in September. The lock icon has become less effective in signaling security protections, and research shows that users misunderstand its meaning. The new icon is meant to be a neutral indicator that security should be the default state in Chrome and is more obviously clickable. It will also make permission controls and additional security information more accessible. The new icon will be available on Chrome for desktop and Android, while the iOS app will remove the lock icon entirely.
Google has released an urgent update to fix a zero-day vulnerability in its Chrome web browser, which is being actively exploited by threat actors. The high-severity vulnerability, tracked as CVE-2023-2033, is a type confusion issue in the V8 JavaScript engine. Users are advised to upgrade to version 112.0.5615.121 for Windows, macOS, and Linux to mitigate potential threats. Chromium-based browser users are also advised to apply the fixes as and when they become available.
