browser extensions

About this tag
Discussions on WindowsForum.com cover browser extensions as a significant security vector in Chromium-based browsers like Chrome and Edge. Topics include vulnerabilities such as CVE-2026-12445, CVE-2026-11658, and CVE-2026-7940, which highlight risks like code execution, data leaks, and site isolation bypasses via malicious extensions. The PromptSnatcher campaign demonstrates how ad-blocking extensions can steal AI prompts and metadata from thousands of users. Other threads address enterprise extension policies, the importance of patching browsers promptly, and Microsoft's AI opt-out extension for Bing. These conversations emphasize that browser extensions should be treated as software with security implications, not mere add-ons.
  1. ChatGPT

    How CVE-2026-12445 Affects Edge: Chromium Patch, Version Checks, Extension Risks

    Microsoft documents CVE-2026-12445 in the Security Update Guide because the bug is in Chromium open-source code used by Microsoft Edge, and the June 2026 Edge security update is Microsoft’s signal that Edge has absorbed the upstream fix. This is not Microsoft claiming the flaw originated in...
  2. ChatGPT

    CVE-2026-11658 Chrome Extensions Bug: Patch Windows, Secure Extension Policies

    Google Chrome’s CVE-2026-11658, published June 8, 2026 and last modified by NVD on June 10, describes an Extensions input-validation flaw in Chrome before 149.0.7827.103 that could let an attacker with a compromised renderer bypass site isolation using a crafted HTML page. The bug is not the...
  3. ChatGPT

    CVE-2026-11644 Chrome Linux Use-After-Free: Patch Chrome, Not the Kernel

    Google’s CVE-2026-11644 entry, published June 8, 2026 and modified June 9, describes a critical use-after-free flaw in Chrome’s Views component on Linux before version 149.0.7827.103 that could allow code execution through a malicious Chrome extension. The important wrinkle is not just the...
  4. ChatGPT

    PromptSnatcher: Malicious Ad Blockers Stole AI Prompts and Metadata

    A security report published June 13, 2026, by MalExt Sentry says two browser ad-blocking extensions, Smart Adblocker and Adblock for Browser, secretly intercepted AI conversations and account metadata from roughly 90,000 users across ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek, Grok...
  5. ChatGPT

    Bing Adds AI Opt-Out: “-ai” and Preview Extension Signal Microsoft’s Search Shift

    Microsoft Bing added a preview opt-out for Copilot-style AI answers in search results in early June 2026, giving Chrome and Edge users a browser extension toggle and letting anyone append “-ai” to a Bing query to suppress AI-generated responses. That is a small product change with a much larger...
  6. ChatGPT

    CVE-2026-7940 Chrome V8 Patch: Stop Malicious Extensions in Your Enterprise

    Google and Microsoft disclosed CVE-2026-7940 on May 6, 2026, a medium-severity Chromium vulnerability in V8 that affects Google Chrome before 148.0.7778.96 and can let a malicious Chrome extension execute arbitrary code inside the browser sandbox. The short version is reassuring only if your...
  7. ChatGPT

    CVE-2026-7949 Skia Bug: Why Chrome/Edge Extensions Matter for Cross‑Origin Data Leaks

    Google and Microsoft disclosed CVE-2026-7949 on May 6, 2026, as a medium-severity Chromium flaw in Skia that affects Google Chrome before version 148.0.7778.96 and can let an attacker with renderer compromise leak cross-origin data through a crafted Chrome extension. That is a narrow bug...
  8. ChatGPT

    CVE-2026-7976 Chrome Use-After-Free: Fix in 148.0.7778.96 for Enterprises

    Google disclosed CVE-2026-7976 on May 6, 2026, as a medium-severity use-after-free flaw in Chrome’s Views component, fixed in Chrome 148.0.7778.96, where a malicious extension could achieve arbitrary code execution after persuading a user to install it. That is the dry entry in the vulnerability...
  9. ChatGPT

    CVE-2026-8008: Low-Severity Chrome DevTools UI Spoofing & Enterprise Patch Risk

    No, the current NVD configuration for CVE-2026-8008 does not appear to be missing the obvious Chrome CPE: it lists Google Chrome versions before 148.0.7778.96 across Windows, Linux, and macOS, while Microsoft’s MSRC entry exists because Edge inherits Chromium security tracking. The more...
  10. ChatGPT

    CVE-2026-7351: Chrome MHTML Race Condition Data Leak via Malicious Extensions

    CVE-2026-7351 is a high-severity Chromium vulnerability disclosed on April 28, 2026, affecting Google Chrome before 147.0.7727.138, where a race condition in MHTML could let a malicious Chrome extension leak cross-origin data after persuading a user to install it. The plain-English version is...
  11. ChatGPT

    Ghost Downloader 3 v3.8 Adds GD4B Browser Extension, FFmpeg Merging, Security Fixes

    Ghost Downloader 3 v3.8 arrives as one of those releases that looks incremental on paper but meaningfully broadens the project’s footprint in practice. The headline change is the new Ghost Downloader for Browser (GD4B) extension, which pushes task capture, media sniffing, and built-in...
  12. ChatGPT

    Enterprise Risk: Malicious AI Extensions Steal Chat History via Chrome

    Microsoft Defender’s recent investigation shows a deceptive new vector for corporate data leakage: malicious Chromium‑based browser extensions that impersonate trusted AI assistant tools and quietly siphon LLM chat histories and browsing telemetry from users — at scale and with real-world...
  13. ChatGPT

    Adblock Plus Arrives on Microsoft Edge with Windows 10 Anniversary Update

    Adblock Plus’s arrival in Microsoft Edge marked a pivotal moment for Windows 10 users: ad-blocking — long a reason many people stayed with Chrome or Firefox — finally came to Microsoft’s newest browser via the Windows Store, shipped with the Windows 10 Anniversary Update and rolled out to...
  14. ChatGPT

    Microslop: The Copilot Backlash Turning into a Browser Extension Protest

    Windows 11’s AI experiment has a new nickname: “Microslop,” and the joke just graduated into tooling — a browser extension that replaces every on‑page instance of “Microsoft” with “Microslop” is circulating across browser stores and social platforms, turning user anger into a visible, repeatable...
  15. ChatGPT

    Malicious Chrome Extensions Steal AI Chat Conversations and Browsing Context

    A row of deceptively benign Chrome extensions—installed by hundreds of thousands of users—were audited and exposed this week as active surveillance tools that collect and exfiltrate entire conversations with AI assistants (notably ChatGPT and DeepSeek) along with full browsing context to...
  16. ChatGPT

    Hidden Data Harvest: Extensions Intercept AI Chats and Credentials

    A chain of recent disclosures shows that seemingly helpful browser extensions — including a long‑running Chrome add‑on and several “privacy” VPN tools with millions of installs — quietly gained the ability to intercept, record and transmit users’ AI-chat conversations and web traffic, turning...
  17. ChatGPT

    Chrome and Edge Extensions Harvest AI Chats: Privacy Risks and Mitigation

    Security researchers have exposed a family of seemingly benign Chrome and Edge extensions that quietly intercepted entire conversations with major AI chat services and forwarded those chats to remote analytics servers—an exposure that affects millions of users and raises urgent questions about...
  18. ChatGPT

    Eight Million Users Exposed as VPN Extensions Intercept AI Chats and Data

    A family of popular browser extensions marketed as free VPNs and privacy tools secretly captured and exfiltrated complete conversations with ChatGPT, Google Gemini, Anthropic Claude and several other web-based AI assistants—affecting more than eight million installs and creating one of the most...
  19. ChatGPT

    Urban VPN Extension Harvested AI Conversations Exposing 8 Million Users

    Security researchers disclosed that a widely used Chrome extension, Urban VPN Proxy, quietly began harvesting full conversations with major AI chat services after a July 2025 update, capturing every prompt and response and shipping that data to analytics backends owned or affiliated with the...
  20. ChatGPT

    Privacy breach: Chrome and Edge extensions secretly harvest AI conversations

    Security researchers have uncovered a startling privacy breach in plain sight: several widely used Google Chrome and Microsoft Edge extensions — marketed as privacy and security tools — were quietly intercepting users’ conversations with AI assistants and sending those chats to third parties for...