Close Menu
GeekBlog

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Security expert warns: don’t list defense work on LinkedIn – or you could be at risk of getting hacked

    August 3, 2025

    No, smartphone GPS apps won’t be banned in the UK from 2026 – despite the latest wild TikTok rumors

    August 3, 2025

    Men's Linen Shirt: 2 for $11 + $8 shipping

    August 3, 2025
    Facebook X (Twitter) Instagram Threads
    GeekBlog
    • Home
    • Mobile
    • Reviews
    • Tech News
    • Deals & Offers
    • Gadgets
      • How-To Guides
    • Laptops & PCs
      • AI & Software
    • Blog
    Facebook X (Twitter) Instagram
    GeekBlog
    Home»Deals & Offers»Your browser’s tools can’t see what extensions are really doing – and hackers know it perfectly well
    Deals & Offers

    Your browser’s tools can’t see what extensions are really doing – and hackers know it perfectly well

    Michael ComaousBy Michael ComaousAugust 1, 2025No Comments3 Mins Read0 Views
    Share Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Representational image of a hacker
    Share
    Facebook Twitter LinkedIn Pinterest Email Copy Link

    • Labels like “Verified” give a false sense of safety but don’t reflect real extension behavior
    • Browser DevTools were never meant to track how extensions behave across tabs and over time
    • Malicious extensions often act normally until specific triggers make their hidden features come alive

    The unchecked spread of malicious browser extensions continues to expose users to spyware and other threats, largely due to deep-seated flaws in how the software handles extension security.

    New research from SquareX claims many people still rely on superficial trust markers like “Verified” or “Chrome Featured,” which have repeatedly failed to prevent widespread compromise.

    These markers, while intended to reassure users, often offer little insight into the actual behavior of an extension.


    You may like

    Labels offer little protection against dynamic threats

    A central issue lies in the limitations of Browser DevTools, which were designed in the late 2000s for web page debugging.

    These tools were never meant to inspect the far more complex behavior of modern browser extensions, which can run scripts, take screenshots, and operate across tabs, actions that existing DevTools struggle to trace or attribute.

    This creates an environment where malicious behaviors can remain hidden, even as they collect data or manipulate web content.

    The failure of these DevTools lies in their inability to provide telemetry that isolates extension behavior from standard web activity.

    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

    For instance, when a script is injected into a web page by an extension, DevTools lack the means to distinguish it from the page’s native functions.

    The Geco Colorpick incident offers an example of how trust indicators can fail catastrophically – according to findings from Koi Research, 18 malicious extensions were able to distribute spyware to 2.3 million users, despite carrying the highly visible “Verified” label.

    To address this, SquareX has proposed a new framework involving a modified browser and what it calls Browser AI Agents.

    This combination is designed to simulate varied user behaviors and conditions, drawing out hidden or delayed responses from extensions.

    The approach is part of what SquareX terms the Extension Monitoring Sandbox, a setup that enables dynamic analysis based on real-time activity rather than just static code inspection.

    At the moment, many organizations continue to rely on free antivirus tools or built-in browser protections that cannot keep up with the evolving threat landscape.

    The gap between perceived and actual security leaves both individuals and companies vulnerable.

    The long-term impact of this initiative remains to be seen, but it reflects a growing recognition that browser-based threats demand more than superficial safeguards.

    You might also like

    Source link

    browsers extensions Hackers perfectly tools
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Telegram Email Copy Link
    Previous ArticleWith Trump’s cutbacks, crew heads for ISS unsure of when they’ll come back
    Next Article My favorite Razr Ultra (2025) feature is one I didn’t see coming
    Michael Comaous
    • Website

    Related Posts

    1 Min Read

    Men's Linen Shirt: 2 for $11 + $8 shipping

    6 Mins Read

    I tested ChatGPT Study Mode vs NotebookLM — here’s which one came out on top

    2 Mins Read

    Bring Spider-Man All the Way Home With 20% Off This Iconic Lego Set

    3 Mins Read

    UK parents get a powerful new tool to manage kids’ screen time while the rest of the world waits

    1 Min Read

    Nefoso 90L Rolling Laundry Hamper for $16 + free shipping w/$35

    5 Mins Read

    Don’t skip leg day! According to a scientist, these are the only 2 exercises you need to strengthen your lower body

    Top Posts

    30-Year Fixed-Rate Mortgage Decreases: Mortgage Interest Rates Today for Aug. 1, 2025

    August 1, 202510 Views

    Are There Cordless Vacuums With Replaceable Batteries?

    July 1, 20259 Views

    Deal: Netgear 4G LTE Broadband Modem is just $19.99!

    August 1, 20256 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Most Popular

    30-Year Fixed-Rate Mortgage Decreases: Mortgage Interest Rates Today for Aug. 1, 2025

    August 1, 202510 Views

    Are There Cordless Vacuums With Replaceable Batteries?

    July 1, 20259 Views

    Deal: Netgear 4G LTE Broadband Modem is just $19.99!

    August 1, 20256 Views
    Our Picks

    Security expert warns: don’t list defense work on LinkedIn – or you could be at risk of getting hacked

    August 3, 2025

    No, smartphone GPS apps won’t be banned in the UK from 2026 – despite the latest wild TikTok rumors

    August 3, 2025

    Men's Linen Shirt: 2 for $11 + $8 shipping

    August 3, 2025

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest Threads
    • About Us
    • Contact us
    • Privacy Policy
    • Disclaimer
    • Terms and Conditions
    © 2025 geekblog. Designed by Pro.

    Type above and press Enter to search. Press Esc to cancel.