15.3 C
New York
Monday, March 16, 2026
type here...
Home Blog Page 300

16 hijacked browser extensions expose 3.2 million users

By
Reporters News Wire
-
0


Cybercriminals are constantly finding new ways to exploit trusted apps and browser extensions. 

Since people tend to trust tools that seem legitimate, attackers use them to spread malware or steal sensitive data. A new report reveals that over 3.2 million users have been affected by a security breach involving malicious browser extensions. 

These extensions, which appeared genuine, were secretly embedding harmful scripts, stealing data and manipulating search results. 

STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS — SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW

laptop

A man using a Chrome browser. (Kurt “CyberGuy” Knutsson)

How were the extensions compromised?

GitLab Security has uncovered a major security breach affecting over 3.2 million users through a network of compromised browser extensions, including some linked to GitLab. The attack stemmed from a supply chain breach, where threat actors infiltrated legitimate extensions and pushed malicious updates. These updates embedded hidden scripts that allowed unauthorized data collection, altered HTTP requests and injected ads into web pages — all without users noticing.

Originally built for tasks like ad blocking, emoji input and screen recording, these extensions were repurposed through covert updates that exploited the extensive permissions users had granted, enabling real-time manipulation of web activity.

Typically, malicious extensions or apps are created solely to steal data, with their advertised functionality being an afterthought or simply a way to get listed in an official store. That was not the case here. These were legitimate extensions that became harmful only after attackers injected malicious updates into them.

hacker

An illustration of a hacker at work. (Kurt “CyberGuy” Knutsson)

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

Which extensions are affected?

Several of the compromised extensions are commonly utilized and may be present in your browser. For instance, ad blockers such as AdBlock are valued for eliminating disruptive advertisements and enhancing browsing privacy. However, in this breach, these tools were manipulated to deliver malicious payloads. The following extensions have been identified as affected:

  1. AdBlock Plus
  2. Emoji Keyboard
  3. Screen Capture Pro
  4. Dark Mode Toggle
  5. Grammar Checker
  6. PDF Converter
  7. Weather Forecast
  8. Coupon Finder
  9. Video Downloader
  10. Password Manager
  11. Translate Tool
  12. Privacy Shield
  13. Speed Test
  14. News Reader
  15. Shopping Assistant
  16. VPN Extension

If any of these extensions are installed on your browser, it is recommended that you assess their permissions and consider their removal until official security updates are verified.

The malicious extensions bypassed Content Security Policy protections, which are designed to prevent cross-site scripting attacks, allowing attackers to modify web content without detection. They also communicated with command-and-control servers to receive further instructions, showing a high level of coordination. The attackers exploited the trust users place in the Chrome Web Store and its automatic update system. Investigations suggest this activity has been ongoing since at least July 2024.

google chrome

Google Chrome on a smartphone. (Kurt “CyberGuy” Knutsson)

FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU

How to remove an extension from Google Chrome

If you have installed one of the above-mentioned extensions on your browser, remove it as soon as possible. To remove an extension from Google Chrome, follow these steps:

  • Open Chrome and click the icon that looks like a piece of a puzzle. You’ll find it in the top-right corner of the browser.
  • You can see all the active extensions now. Click the three dots icon next to the extension you want to remove and select Remove from Chrome.
  • Click Remove to confirm.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

google search page

Steps to remove an extension from Google Chrome. (Kurt “CyberGuy” Knutsson)

6 ways you can protect your personal data

Here are 6 ways to safeguard your sensitive information and maintain your online privacy:

1. Keep your browser and extensions up-to-date: Outdated software is a goldmine for cybercriminals. Bugs or security gaps in old versions of your browser or extensions can be exploited to inject malicious code, steal data or take control of your system. Updates patch these vulnerabilities, making them a critical line of defense. Turn on automatic updates for your browser (e.g., Chrome, Firefox, Edge) so you’re always running the latest version without thinking about it. See my guide on keeping your devices and apps updated for more information.

2. Install extensions only from trusted sources: Official browser stores like the Chrome Web Store or Firefox Add-ons have rules and scans to catch bad actors, but they’re not perfect. Extensions from random websites or third-party downloads are far more likely to hide malware or spyware. Stick to the official store for your browser — don’t download extensions from sketchy links. 

3. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. Be skeptical of extensions requesting unnecessary access: Some extensions overreach on purpose. A calculator tool asking for your browsing history or a weather app wanting your login data is a huge red flag.

Before installing, ask: “Does this permission match the extension’s job?” If the answer’s no, don’t install it. Watch out for broad permissions like “Read and change all your data on websites you visit” unless it’s clearly justified (e.g., a password manager). If an update suddenly adds new permission requests, dig into why. It might mean the extension has been sold or hacked.

5. Update your passwords: Change passwords for any accounts that may have been affected by the incident, and use unique, strong passwords for each account. Consider using a password manager. This can help you generate and store strong, unique passwords for all your accounts. Get more details about my best expert-reviewed Password Managers of 2025 here.

6. Remove your personal data from public databases: If your personal data was exposed in this security incident, it’s crucial to act quickly to reduce your risk of identity theft and scams. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap — and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Kurt’s key takeaways

Browser extensions can improve functionality but also pose significant security risks if not carefully managed. If you have any of the above extensions installed in Chrome, you should remove them immediately. Treat your browser as a key part of your digital security. Regularly check your extensions, remove unnecessary permissions and be cautious about automatic updates, even from trusted sources.

Should browsers implement stricter restrictions on what extensions can do by default? Let us know by writing us at Cyberguy.com/Contact

CLICK HERE TO GET THE FOX NEWS APP

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.



Source link

The future of Ethereum scaling lies in hardware, not software

By
Reporters News Wire
-
0



Opinion by: Leo Fan, co-founder of Cysic

Running Ethereum today is like trying to play a modern game on a 1980s laptop — the outdated hardware would struggle to load, lag endlessly, and likely crash under the weight of new demands. Designed for a simpler blockchain era, Ethereum’s infrastructure can no longer keep up, processing just 10 to 62 transactions per second, far below the thousands needed for mainstream adoption. 

Meanwhile, with sub-second block times and near-zero fees, Solana enjoys growing mainstream popularity, which is evident in surging wallet downloads amid the TRUMP launch. Ethereum remains hindered by high gas fees and congestion, pushing users and developers to faster alternatives. 

Without addressing its scaling bottlenecks, Ethereum risks falling behind. While Ethereum’s layer-2 (L2) rollups have alleviated network congestion, they ultimately serve as stopgap measures that provide temporary relief. Software-first approaches are experiencing teething issues in interoperability and scalability, raising questions about Ethereum’s long-term sustainability and relevance. 

Many L2s are designed to fit the native network and cannot support real-time applications such as decentralized gaming or cross-border payments. Ethereum needs a fundamental shift if it wants to maintain its leadership in the blockchain space. The solution lies not in incremental software updates but in hardware acceleration. 

Aligning Ethereum’s vision with hardware

Vitalik Buterin’s Verge milestone envisions Ethereum achieving complete node verification on consumer-grade devices, a critical step toward the blockchain’s broader goals of accessibility and decentralization. Buterin has emphasized shifting from patchwork solutions to building a well-rounded computational infrastructure to realize this vision. Purpose-built hardware, such as application-specific integrated circuits (ASICs), is key: It enhances transaction processing speeds, reduces latency, and optimizes energy use. It lays the groundwork for sustainable Ethereum scaling, ensuring the network grows without compromising its core principles.

Recent: Is Ethereum bottoming out at last? Analysts weigh in

Ethereum’s Pectra upgrade also does not fully resolve its fundamental scaling challenges, highlighting the urgency for enhanced scalability and stability. The key optimizations introduced — account abstraction and enhanced validator operations — seek to refine Ethereum’s efficiency and user experience but do not significantly increase transaction throughput or reduce network latency. 

Ethereum risks falling behind without specialized hardware, weakening its position as a settlement layer for the blockchain community. Investing in hardware-native solutions will allow Ethereum to scale effectively while upholding its commitment to decentralization and supporting a growing user base.

Mainstream adoption and real-world applications

The effect of hardware scaling solutions extends far beyond Ethereum itself. TradFi players are exploring blockchain-based cross-border payments, which demand real-time processing. With scalability issues inherited from the home layer, L2s alone cannot scale effectively to cater to the sheer TradFi demand. Cross-border transactions hit $190.1 trillion in 2023 and are only expected to grow in 2025, indicating one thing: Hardware acceleration is indispensable in incentivizing institutional adoption of blockchain. 

Beyond finance, hardware optimization enhances blockchain utility across industries, accelerating mainstream adoption. A noteworthy example is healthcare, where accelerated blockchain infrastructure could improve the security and privacy of patient data. For gaming industries that rely on dynamic interactions, blockchain networks can help deliver real-time responses to user actions. 

The AI factor

Blockchain isn’t operating in isolation; it competes with computationally intensive industries, such as AI, the buzzword of 2024. The rise of AI has reshaped industries, but it is also becoming a fierce competitor to blockchain for electricity and equipment. Data centers like Hut 8 and Coin Scientific are prioritizing AI workloads, which can generate up to 25 times more revenue than Bitcoin (BTC) mining. These moves highlight the growing pressure on blockchain networks to optimize resource efficiency or risk being sidelined in the race for computational dominance. 

Critics claim that Ethereum is “dying a slow death.” Once the home of decentralized finance (DeFi) innovation, Ethereum’s scalability issues hinder its ability to compete with DeFAI. Ethereum must embrace purpose-built hardware to address its inefficient infrastructure, enable faster transactions, and reduce energy consumption. This way, Ethereum stands a chance to future-proof against AI developments and maintain its competitive edge for mainstream adoption. 

The time to invest in hardware is now

Ethereum has relied heavily on L2s to scale, but they remain temporary solutions that fail to meet the network’s fundamental operational demands. Hardware solutions are now non-negotiable for Ethereum to retain its position as a leader in blockchain innovation. From enabling seamless TradFi integrations to supporting real-time interactions in gaming and healthcare, purpose-built hardware resolves the root inefficiencies of Ethereum’s infrastructure. Without decisive investment in hardware acceleration, Ethereum risks stagnating while competitors rise. 

Ethereum doesn’t need another short-term patch. It requires a lasting solution. The next wave of blockchain adoption demands an infrastructure that can support it, which means investing in hardware now.

Opinion by: Leo Fan, co-founder of Cysic.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.