• About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us
TechTrendFeed
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT
No Result
View All Result
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT
No Result
View All Result
TechTrendFeed
No Result
View All Result

Widespread Chrome Extensions Discovered Leaking Information through Unencrypted Connections

Admin by Admin
June 6, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


A current investigation has revealed that a number of extensively used Google Chrome extensions are transmitting delicate person information over unencrypted HTTP connections, exposing hundreds of thousands of customers to critical privateness and safety dangers.

The findings, revealed by cybersecurity researchers and detailed in a weblog put up by Symantec, reveal how extensions corresponding to:

PI Rank (ID: ccgdboldgdlngcgfdolahmiilojmfndl)

Browsec VPN (ID: omghfjlpggmjjaagoclmmobgdodcjboh)

MSN New Tab (ID: lklfbkdigihjaaeamncibechhgalldgl)

SEMRush Rank (ID: idbhoeaiokcojcgappfigpifhpkjgmab)

DualSafe Password Supervisor & Digital Vault (ID: lgbjhdkjmpgjgcbcdlhkokkckpjmedgc)

There are different extensions as nicely which can be dealing with person information in ways in which open the door to eavesdropping, profiling, and different assaults.

Extensions That Promise Privateness Are Doing the Reverse

Though these extensions are professional and meant to assist customers monitor internet rankings, handle passwords, or enhance their looking expertise, behind the scenes, they’re making community requests with out encryption, permitting anybody on the identical community to see precisely what’s being despatched.

In some circumstances, this consists of particulars just like the domains a person visits, working system data, distinctive machine IDs, and telemetry information. Extra troubling, a number of extensions had been additionally discovered to have hardcoded API keys, secrets and techniques, and tokens inside their supply code which is a bit of useful data that attackers can simply exploit.

Actual Danger on Public Networks

When extensions transmit information utilizing HTTP fairly than HTTPS, the data travels throughout the community in plaintext. On a public Wi-Fi community, for instance, a malicious actor can intercept that information with little effort. Worse nonetheless, they will modify it mid-transit.

This opens the door to assaults that go far past spying. In response to Symantec’s weblog put up, within the case of Browsec VPN, a well-liked privacy-focused extension with over six million customers, the usage of an HTTP endpoint in the course of the uninstall course of sends person identifiers and utilization stats with out encryption. The extension’s configuration permits it to connect with insecure web sites, additional widening the assault floor.

Information Leaks Throughout the Board

Different extensions are responsible of comparable points. SEMRush Rank and PI Rank, each designed to point out web site recognition, had been discovered to ship full URLs of visited websites over HTTP to third-party servers. This makes it straightforward for a community observer to construct detailed logs of a person’s looking habits.

MSN New Tab and MSN Homepage, with a whole bunch of hundreds of customers, transmit machine IDs and different gadget particulars. These identifiers stay steady over time, permitting adversaries to hyperlink a number of periods and construct profiles that persist throughout looking exercise.

Even DualSafe Password Supervisor, which handles delicate data by nature, was caught sending telemetry information over HTTP. Whereas no passwords had been leaked, the truth that any a part of the extension makes use of unencrypted visitors raises issues about its total design.

Patrick Tiquet, Vice President, Safety & Structure at Keeper Safety commented on this, stating, “This incident highlights a crucial hole in extension safety – even widespread Chrome extensions can put customers in danger if builders minimize corners. Transmitting information over unencrypted HTTP and hard-coding secrets and techniques exposes customers to profiling, phishing and adversary-in-the-middle assaults – particularly on unsecured networks.“

He warned of penalties for unsuspecting customers and suggested that “Organizations ought to take speedy motion by imposing strict controls round browser extension utilization, managing secrets and techniques securely and monitoring for suspicious behaviour throughout endpoints.“

Privateness and Information Safety Menace

Though not one of the extensions had been discovered to leak passwords or monetary information straight, the publicity of machine identifiers, looking habits, and telemetry is much from innocent. Attackers can use this information to trace customers throughout web sites, ship focused phishing campaigns, or impersonate gadget telemetry for malicious functions.

Whereas theoretical, NordVPN’s newest findings noticed greater than 94 billion browser cookies on the darkish internet. When mixed with the information leaks highlighted by Symantec, the potential for harm is critical.

Builders who embody hardcoded API keys or secrets and techniques inside their extensions add one other layer of danger. If an attacker will get maintain of those credentials, they will misuse them to impersonate the extension, ship solid information, and even inflate service utilization resulting in monetary prices or account bans for the builders.

What Customers Can Do

Symantec has contacted the builders concerned, and solely DualSafe Password Supervisor has mounted the difficulty. But, customers who’ve put in any of the affected extensions are suggested to take away them till the builders repair the problems. Even widespread and well-reviewed extensions could make unsafe design decisions that go unnoticed for years.

Hckread.com recommends checking the permissions an extension asks for, avoiding unknown publishers, and utilizing a trusted safety resolution. Above all, any device that guarantees privateness or safety must be examined fastidiously for the way it handles your information.



Tags: ChromeConnectionsDataExtensionsleakingPopularUnencrypted
Admin

Admin

Next Post
CoPilot Platform: The Daybreak of a New Period in Coding and Software program Improvement

CoPilot Platform: The Daybreak of a New Period in Coding and Software program Improvement

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Trending.

Discover Vibrant Spring 2025 Kitchen Decor Colours and Equipment – Chefio

Discover Vibrant Spring 2025 Kitchen Decor Colours and Equipment – Chefio

May 17, 2025
Reconeyez Launches New Web site | SDM Journal

Reconeyez Launches New Web site | SDM Journal

May 15, 2025
Safety Amplified: Audio’s Affect Speaks Volumes About Preventive Safety

Safety Amplified: Audio’s Affect Speaks Volumes About Preventive Safety

May 18, 2025
Flip Your Toilet Right into a Good Oasis

Flip Your Toilet Right into a Good Oasis

May 15, 2025
Apollo joins the Works With House Assistant Program

Apollo joins the Works With House Assistant Program

May 17, 2025

TechTrendFeed

Welcome to TechTrendFeed, your go-to source for the latest news and insights from the world of technology. Our mission is to bring you the most relevant and up-to-date information on everything tech-related, from machine learning and artificial intelligence to cybersecurity, gaming, and the exciting world of smart home technology and IoT.

Categories

  • Cybersecurity
  • Gaming
  • Machine Learning
  • Smart Home & IoT
  • Software
  • Tech News

Recent News

How authorities cyber cuts will have an effect on you and your enterprise

How authorities cyber cuts will have an effect on you and your enterprise

July 9, 2025
Namal – Half 1: The Shattered Peace | by Javeria Jahangeer | Jul, 2025

Namal – Half 1: The Shattered Peace | by Javeria Jahangeer | Jul, 2025

July 9, 2025
  • About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us

© 2025 https://techtrendfeed.com/ - All Rights Reserved

No Result
View All Result
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT

© 2025 https://techtrendfeed.com/ - All Rights Reserved