MalwareBleeping Computer
8.5 — CRITICAL
Over 100 Chrome Web Store extensions steal user accounts, data
More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
Over 100 malicious Chrome Web Store extensions are stealing user accounts and data, compromising OAuth2 Bearer tokens, deploying backdoors, and engaging in ad fraud. This incident highlights the vulnerability of user-facing software to malicious content.
⚙️Technical Details
Affected Systems
Chrome Web Store
Attack Vectors
Malicious extensionsGoogle OAuth2 Bearer tokensBackdoors deploymentAd fraud
💥Impact Assessment
Severity: H
Who Is at Risk
Users of affected Chrome Web Store extensions
🛡️Recommended Actions
1Users should immediately remove any suspicious or unknown extensions from their Chrome browsers.
2Users should enable two-factor authentication for Google accounts to prevent OAuth2 Bearer token theft.
3Google should review and remove malicious extensions from the Chrome Web Store.
📦Affected Products
Chrome Web StoreGoogle accounts
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.