Close Menu
GeekBlog

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Texas suit alleging anti-coal “cartel” of top Wall Street firms could reshape ESG

    August 30, 2025

    Tech from Apple, Dyson, Sony and others is up to 50 percent off

    August 30, 2025

    I’m really impressed with this $400 portable projector

    August 30, 2025
    Facebook X (Twitter) Instagram Threads
    GeekBlog
    • Home
    • Mobile
    • Reviews
    • Tech News
    • Deals & Offers
    • Gadgets
      • How-To Guides
    • Laptops & PCs
      • AI & Software
    • Blog
    Facebook X (Twitter) Instagram
    GeekBlog
    Home»Deals & Offers»Your browser’s tools can’t see what extensions are really doing – and hackers know it perfectly well
    Deals & Offers

    Your browser’s tools can’t see what extensions are really doing – and hackers know it perfectly well

    Michael ComaousBy Michael ComaousAugust 1, 2025No Comments3 Mins Read0 Views
    Share Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Representational image of a hacker
    Share
    Facebook Twitter LinkedIn Pinterest Email Copy Link

    • Labels like “Verified” give a false sense of safety but don’t reflect real extension behavior
    • Browser DevTools were never meant to track how extensions behave across tabs and over time
    • Malicious extensions often act normally until specific triggers make their hidden features come alive

    The unchecked spread of malicious browser extensions continues to expose users to spyware and other threats, largely due to deep-seated flaws in how the software handles extension security.

    New research from SquareX claims many people still rely on superficial trust markers like “Verified” or “Chrome Featured,” which have repeatedly failed to prevent widespread compromise.

    These markers, while intended to reassure users, often offer little insight into the actual behavior of an extension.


    You may like

    Labels offer little protection against dynamic threats

    A central issue lies in the limitations of Browser DevTools, which were designed in the late 2000s for web page debugging.

    These tools were never meant to inspect the far more complex behavior of modern browser extensions, which can run scripts, take screenshots, and operate across tabs, actions that existing DevTools struggle to trace or attribute.

    This creates an environment where malicious behaviors can remain hidden, even as they collect data or manipulate web content.

    The failure of these DevTools lies in their inability to provide telemetry that isolates extension behavior from standard web activity.

    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

    For instance, when a script is injected into a web page by an extension, DevTools lack the means to distinguish it from the page’s native functions.

    The Geco Colorpick incident offers an example of how trust indicators can fail catastrophically – according to findings from Koi Research, 18 malicious extensions were able to distribute spyware to 2.3 million users, despite carrying the highly visible “Verified” label.

    To address this, SquareX has proposed a new framework involving a modified browser and what it calls Browser AI Agents.

    This combination is designed to simulate varied user behaviors and conditions, drawing out hidden or delayed responses from extensions.

    The approach is part of what SquareX terms the Extension Monitoring Sandbox, a setup that enables dynamic analysis based on real-time activity rather than just static code inspection.

    At the moment, many organizations continue to rely on free antivirus tools or built-in browser protections that cannot keep up with the evolving threat landscape.

    The gap between perceived and actual security leaves both individuals and companies vulnerable.

    The long-term impact of this initiative remains to be seen, but it reflects a growing recognition that browser-based threats demand more than superficial safeguards.

    You might also like

    Source link

    browsers extensions Hackers perfectly tools
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Telegram Email Copy Link
    Previous ArticleWith Trump’s cutbacks, crew heads for ISS unsure of when they’ll come back
    Next Article My favorite Razr Ultra (2025) feature is one I didn’t see coming
    Michael Comaous
    • Website

    Related Posts

    37 Mins Read

    Obsidian’s CEO on why productivity tools need community more than AI

    2 Mins Read

    Deutsche Telekom’s $170 T Phone 3 offers AI tools, an 18-month Perplexity Pro subscription, and a €1 bundle deal shaking up the market

    4 Mins Read

    We can’t believe the Samsung Galaxy Buds 3 Pro are still $109.99

    3 Mins Read

    Deal: The Yaber L2s Projector is just $134.98, and it’s enjoyable!

    4 Mins Read

    Apple iPad Mini A17 Pro plummets to its record-low price

    2 Mins Read

    Some AI tools don’t understand biology yet

    Top Posts

    8BitDo Pro 3 review: better specs, more customization, minor faults

    August 8, 202512 Views

    WIRED Roundup: ChatGPT Goes Full Demon Mode

    August 2, 202512 Views

    Framework Desktop Review: A Delightful Surprise

    August 7, 202511 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Most Popular

    8BitDo Pro 3 review: better specs, more customization, minor faults

    August 8, 202512 Views

    WIRED Roundup: ChatGPT Goes Full Demon Mode

    August 2, 202512 Views

    Framework Desktop Review: A Delightful Surprise

    August 7, 202511 Views
    Our Picks

    Texas suit alleging anti-coal “cartel” of top Wall Street firms could reshape ESG

    August 30, 2025

    Tech from Apple, Dyson, Sony and others is up to 50 percent off

    August 30, 2025

    I’m really impressed with this $400 portable projector

    August 30, 2025

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest Threads
    • About Us
    • Contact us
    • Privacy Policy
    • Disclaimer
    • Terms and Conditions
    © 2025 geekblog. Designed by Pro.

    Type above and press Enter to search. Press Esc to cancel.