Google Chrome Warning—‘Millions Of Users Have Data Stolen'
Google has issued an urgent warning for 2 billion Chrome users. A high-severity memory vulnerability could enable attackers to target users through the websites they visit. This has been fixed and all users should update and restart now.
CVE-2025-8292 is a critical fix, but there's a much more dangerous threat to Chrome users that is hidden from sight. And so while all desktop users must ensure they move to version 138.0.7204.183/.184 of the browser, that's not enough to stay safe.
This threat that should worry you more comes from extensions that might appear to be officially verified, but which have been designed or hijacked to attack your device.
'Millions of users have their data stolen,' SquareX's Vivek Ramachandran told me, as the extension-focused security team released its latest threat report. The alarming reality, he says, is that security tools do not have 'visibility into the dynamic behavior of extensions at run time to protect users against the rising threat vector'
The past few years, SquareX says, 'have witnessed a surge in malicious browser extensions, including the Geco Colorpick, Cyberhaven and the Great Suspender. These malicious extensions exfiltrate data, steal session cookies, spread spyware and even hijack browser sessions of victims.'
This includes extensions that were dangerous from the get-go, but also 'benign extensions that turned malicious — either due to a compromise or change in ownership — exploiting trusted extensions with a wide existing installed base.'
'Most enterprises still rely on extension store labels like 'Verified' and 'Chrome Featured' to determine its security,' Ramachandran says. 'This research showed that this is approach is extremely flawed as it turns out browser vendors and enterprises do not have sufficient tools to conduct extension analysis.'
This latest extension warning from SquareX echoes prior reports that focus on the hidden threats from extensions now installed by most users without any of the checks and balances applied to the browser itself. In a world of increasing AI threats, including the use of marauding browser AI agents, this is a huge risk.
'The majority of extensions today are downloaded and installed from official stores like Chrome Store,' SquareX says. But store badges 'can be easily gamified by attackers with fake reviews and mass downloads. As a result, numerous Verified and Chrome Featured Extensions have been discovered as malicious, including the latest disclosure.'
Extensions are often given free rein on devices and can operate with a user's credentials, which is a gift to attacks. 'It is important to first understand the 'superpowers' unique to browser extensions,' Square X warns, including:
All told, while updating and restarting Chrome is critical, it could very well be that the real threat to your browser and the data it accesses is hidden from view and constantly working against you. You really do need to be careful what you install.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
3 hours ago
- Yahoo
Apple might be building its own AI ‘answer engine'
Apple has formed a new team to build a ChatGPT-like app, according to according to Bloomberg's Mark Gurman. This team — reportedly called Answers, Knowledge, and Information — is working to build an 'answer engine' that can respond to questions using information from across the web. This could be a standalone app or provide search capabilities in Siri, Safari, and other Apple products. Gurman also notes that Apple is advertising for jobs with this team, specifically looking for applicants who have experience with search algorithms and engine development. While Apple has already integrated ChatGPT into Siri, a more personalized, AI-powered update to the voice assistant has been repeatedly delayed. Apple might also have to alter its search deal with Google as a result of the latter company's antitrust defeat. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
TechCrunch
3 hours ago
- TechCrunch
Apple might be building its own AI ‘answer engine'
In Brief Apple has formed a new team to build a ChatGPT-like app, according to according to Bloomberg's Mark Gurman. This team — reportedly called Answers, Knowledge, and Information — is working to build an 'answer engine' that can respond to questions using information from across the web. This could be a standalone app or provide search capabilities in Siri, Safari, and other Apple products. Gurman also notes that Apple is advertising for jobs with this team, specifically looking for applicants who have experience with search algorithms and engine development. While Apple has already integrated ChatGPT into Siri, a more personalized, AI-powered update to the voice assistant has been repeatedly delayed. Apple might also have to alter its search deal with Google as a result of the latter company's antitrust defeat.
Yahoo
4 hours ago
- Yahoo
Apple crushes earnings expectations, but stays mum on a major asset
Apple crushes earnings expectations, but stays mum on a major asset originally appeared on TheStreet. Apple (Nasdaq: AAPL) reported its third-quarter earnings on July 31, beating Wall Street expectations on almost every front — from profit and revenue to iPhone sales and gross margins. The tech giant posted earnings per share (EPS) of $1.57, well above the expected $1.43, and $94.04 billion in revenue, exceeding forecasts of $89.53 billion. This marks Apple's largest quarterly revenue growth since December 2021. 'It was an exceptional quarter by any measure,' said CEO Tim Cook, speaking to CNBC after the report dropped. Apple's most important business — the iPhone — led the charge. iPhone revenue surged 13% year-over-year to $44.58 billion, boosted in part by strong sales of the iPhone 16, which Cook said saw 'strong double-digit' growth over its predecessor. Investors are keeping an eye on the tech behemoth for another reported addition. A new Fortune report revealed that Apple is in early discussions with fellow tech giants Airbnb and Google to introduce stablecoins, aiming to bring them into the mainstream for facilitating cross-border payments and reducing trading costs. Stablecoins could enable Apple to maximize transaction fees around the world, sources say — an indication that the technology company is making bigger moves into digital finance. Analysts, however, are not expecting a huge revenue boost, as Trump has threatened a 25% tax on iPhones unless they are made in the US, resulting in margin pressure on quarter three and quarter also has uncertainty around its $20 billion-per-year agreement with Google, which is at risk as a judge considers how to rule in the DOJ's antitrust case, as per reports. Reports also mention analysts like BofA's Wamsi Mohan say the attention will be on margin performance and iPhone revenue, which they see rising slightly to $39.8 billion. While Apple has not directly entered the crypto industry, it has eased up previous restrictions on crypto applications. Further, as of May, Apple Pay also supports stablecoin transactions with payment service provider, Mesh. The integration allows consumers to spend USDC and USDT at checkout and convert them to fiat in real-time. Apple crushes earnings expectations, but stays mum on a major asset first appeared on TheStreet on Jul 31, 2025 This story was originally reported by TheStreet on Jul 31, 2025, where it first appeared.
