browser extensions
About this tag
Discussions on WindowsForum.com cover browser extensions as a significant security vector in Chromium-based browsers like Chrome and Edge. Topics include vulnerabilities such as CVE-2026-12445, CVE-2026-11658, and CVE-2026-7940, which highlight risks like code execution, data leaks, and site isolation bypasses via malicious extensions. The PromptSnatcher campaign demonstrates how ad-blocking extensions can steal AI prompts and metadata from thousands of users. Other threads address enterprise extension policies, the importance of patching browsers promptly, and Microsoft's AI opt-out extension for Bing. These conversations emphasize that browser extensions should be treated as software with security implications, not mere add-ons.
Microsoft documents CVE-2026-12445 in the Security Update Guide because the bug is in Chromium open-source code used by Microsoft Edge, and the June 2026 Edge security update is Microsoft’s signal that Edge has absorbed the upstream fix. This is not Microsoft claiming the flaw originated in...
Google Chrome’s CVE-2026-11658, published June 8, 2026 and last modified by NVD on June 10, describes an Extensions input-validation flaw in Chrome before 149.0.7827.103 that could let an attacker with a compromised renderer bypass site isolation using a crafted HTML page. The bug is not the...
Google’s CVE-2026-11644 entry, published June 8, 2026 and modified June 9, describes a critical use-after-free flaw in Chrome’s Views component on Linux before version 149.0.7827.103 that could allow code execution through a malicious Chrome extension. The important wrinkle is not just the...
A security report published June 13, 2026, by MalExt Sentry says two browser ad-blocking extensions, Smart Adblocker and Adblock for Browser, secretly intercepted AI conversations and account metadata from roughly 90,000 users across ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek, Grok...
Microsoft Bing added a preview opt-out for Copilot-style AI answers in search results in early June 2026, giving Chrome and Edge users a browser extension toggle and letting anyone append “-ai” to a Bing query to suppress AI-generated responses. That is a small product change with a much larger...
Google and Microsoft disclosed CVE-2026-7940 on May 6, 2026, a medium-severity Chromium vulnerability in V8 that affects Google Chrome before 148.0.7778.96 and can let a malicious Chrome extension execute arbitrary code inside the browser sandbox. The short version is reassuring only if your...
Google and Microsoft disclosed CVE-2026-7949 on May 6, 2026, as a medium-severity Chromium flaw in Skia that affects Google Chrome before version 148.0.7778.96 and can let an attacker with renderer compromise leak cross-origin data through a crafted Chrome extension. That is a narrow bug...
Google disclosed CVE-2026-7976 on May 6, 2026, as a medium-severity use-after-free flaw in Chrome’s Views component, fixed in Chrome 148.0.7778.96, where a malicious extension could achieve arbitrary code execution after persuading a user to install it. That is the dry entry in the vulnerability...
No, the current NVD configuration for CVE-2026-8008 does not appear to be missing the obvious Chrome CPE: it lists Google Chrome versions before 148.0.7778.96 across Windows, Linux, and macOS, while Microsoft’s MSRC entry exists because Edge inherits Chromium security tracking. The more...
CVE-2026-7351 is a high-severity Chromium vulnerability disclosed on April 28, 2026, affecting Google Chrome before 147.0.7727.138, where a race condition in MHTML could let a malicious Chrome extension leak cross-origin data after persuading a user to install it. The plain-English version is...
Ghost Downloader 3 v3.8 arrives as one of those releases that looks incremental on paper but meaningfully broadens the project’s footprint in practice. The headline change is the new Ghost Downloader for Browser (GD4B) extension, which pushes task capture, media sniffing, and built-in...
Microsoft Defender’s recent investigation shows a deceptive new vector for corporate data leakage: malicious Chromium‑based browser extensions that impersonate trusted AI assistant tools and quietly siphon LLM chat histories and browsing telemetry from users — at scale and with real-world...
Adblock Plus’s arrival in Microsoft Edge marked a pivotal moment for Windows 10 users: ad-blocking — long a reason many people stayed with Chrome or Firefox — finally came to Microsoft’s newest browser via the Windows Store, shipped with the Windows 10 Anniversary Update and rolled out to...
Windows 11’s AI experiment has a new nickname: “Microslop,” and the joke just graduated into tooling — a browser extension that replaces every on‑page instance of “Microsoft” with “Microslop” is circulating across browser stores and social platforms, turning user anger into a visible, repeatable...
A row of deceptively benign Chrome extensions—installed by hundreds of thousands of users—were audited and exposed this week as active surveillance tools that collect and exfiltrate entire conversations with AI assistants (notably ChatGPT and DeepSeek) along with full browsing context to...
A chain of recent disclosures shows that seemingly helpful browser extensions — including a long‑running Chrome add‑on and several “privacy” VPN tools with millions of installs — quietly gained the ability to intercept, record and transmit users’ AI-chat conversations and web traffic, turning...
Security researchers have exposed a family of seemingly benign Chrome and Edge extensions that quietly intercepted entire conversations with major AI chat services and forwarded those chats to remote analytics servers—an exposure that affects millions of users and raises urgent questions about...
A family of popular browser extensions marketed as free VPNs and privacy tools secretly captured and exfiltrated complete conversations with ChatGPT, Google Gemini, Anthropic Claude and several other web-based AI assistants—affecting more than eight million installs and creating one of the most...
Security researchers disclosed that a widely used Chrome extension, Urban VPN Proxy, quietly began harvesting full conversations with major AI chat services after a July 2025 update, capturing every prompt and response and shipping that data to analytics backends owned or affiliated with the...
Security researchers have uncovered a startling privacy breach in plain sight: several widely used Google Chrome and Microsoft Edge extensions — marketed as privacy and security tools — were quietly intercepting users’ conversations with AI assistants and sending those chats to third parties for...