#browser-security
6 stories taggedbrowser-security.
Fake Perplexity Extension Siphoned Every Chrome Address Bar Keystroke
Microsoft researchers flagged a counterfeit Perplexity Chrome extension that piped queries and omnibox input to an attacker server before completing the search.
Featured Chrome Ad Blocker with 10M+ Installs Carries Dormant JS Injection Capability
Researchers flagged a Featured-badge extension that can pull and execute remote JavaScript — a capability common to supply-chain abuse clusters tracked across the Chrome Web Store.
AutoJack: When the AI Browser Becomes the Initial Access Broker
Microsoft researchers describe an exploit chain that turns an agentic browser into a one-click path from web page to host process execution.
Chrome Ships Emergency V8 Fix for CVE-2026-11645 Already Under Attack
An out-of-bounds read/write in V8 is being exploited in the wild. Google's update covers 74 issues. Patch, then verify your browser fleet actually restarted.
FROST: A Browser-Only Side Channel That Reads Your SSD to Guess What You're Doing
Graz University researchers show that JavaScript timing alone can fingerprint websites and applications by measuring contention on a victim's solid-state drive.
A Three-Year-Old Chromium Bug Can Turn Your Browser Into a Bot — And It's Still Not Fixed
An unpatched flaw in Chromium's Background Fetch API lets malicious websites keep service workers alive indefinitely, enabling crypto mining, DDoS participation, and persistent tracking across browser restarts.