loading

197551 author: Rusty@cubhub.social 06 Mar 20:58
tags: #brave #bravebrowser #chrome #chromium #firefox #foss #google #mozilla

Mind you, this still isn't a good excuse to use a Chromium-based browser.

And for all you people using Brave out there, well :corgi_wtf1: 🖕 Brave is run by this guy who hates queer people and believes conspiracy theories about Covid, so maybe don't use his shitty browser that's been caught injecting affiliate links.

197549 author: Rusty@cubhub.social 06 Mar 20:09
tags: #chrome #chromium #firefox #foss #google #mozilla

Me: Please don't use Chromium-based browsers, use Firefox instead. Google has way too much control over the web because of Chromium and they'll be sure to leverage that in order to benefit themselves.

Chromium: Hey all, we're getting rid of ad-blockers because it's cutting into our record-breaking revenue! I mean, uh, we're deprecating Manifest V2 for, uh, security. Yeah.

Me: See? Please use Firefox. :blobfoxmeltsob:

Mozilla: Hey friends, AI is really cool! *steps on rake* Hey friends, we're making an ads business! *steps on rake* Hey friends, we have a ToS with either the most nefarious or the most incompetent language ever! *steps on rake* Also AI is cool!!!

Me: ... :corgi_wtf1: I hate it here.

142967 author: Walker@infosec.exchange 02 Jan 2025 20:14
tags: #chrome #malware #supplychain #threatintel

Malicious parties have taken over popular Chrome plugins to push malware.

I can confirm it is not just Cyberhaven plugin. We dont have a list of impacted plugins, just reports of machines reaching out to the reported malicious domains. Still gathering informaiton.

https://therecord.media/hackers-target-vpn-ai-extensions-google-chrome-malicious-updates

https://x.com/jaimeblascob/status/1872445912175534278

106831 author: jon@social.vivaldi.net 16 Nov 2024 16:43
(no title)
tags: #android #browser #chrome #edge #firefox #ios #linux #macos #opera #safari #vivaldi #windows

95297 author: gnyman@infosec.exchange 02 Nov 2024 12:49
tags: #chrome #extension
to: https://infosec.exchange/users/WPalant https://infosec.exchange/users/c0m4r https://mastodon.social/users/campuscodi

Ugh, the #chrome #extension ecosystem is exactly as bad as I'd expect.

And the fact extension is still up claiming not to collect any data even if it has been called out in one of the biggest security newsletters shows how much Google care about this (not much). The only thing they care about is pretending to ship AI features to detect malicious extensions. Because that's how you get promoted.

I mean is it even possible to report a suspicious or bad extension? I don't see anywhere

Great research by @WPalant and @c0m4r

And @campuscodi for putting the spotlight on it.

Text from screenshot: Chrome extension turns malicious: A popular Google Chrome extension with more than 100,000 installs has now turned malicious. The Hide YouTube Shorts extension is performing affiliate fraud and collecting the browsing history of all its users. Security researchers say the extension appears to have turned malicious after it was transferred to a new developer.

Text in screenshot from the extension store: Privacy

The developer has disclosed that it will not collect or use your data.
This developer declares that your data is

Not being sold to third parties, outside of the approved use cases
Not being used or transferred for purposes that are unrelated to the item's core functionality
Not being used or transferred to determine creditworthiness or for lending purposes