Techly NewsGet the app

Get the latest tech news

Polymorphic Chrome Extensions Impersonate Password Managers to Steal Credentials


Malicious Chrome extensions dubbed "polymorphic" impersonate legitimate extensions such as password managers to steal credentials.

Security researchers at SquareX Labs uncovered this technique, which allows attackers to clone any installed extension’s icon, interface, and functionality while temporarily disabling the legitimate version. The attack targets popular Chromium-based browsers, including Google Chrome and Microsoft Edge, posing a serious risk to users relying on extensions for password management, financial transactions, and other sensitive tasks. However, SquareX has proposed several countermeasures for Google Chrome, including restricting sudden extension icon and HTML changes or introducing user notifications when such changes occur.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of credentials

credentials

Related news:

News photo

Cisco warns of Webex for BroadWorks flaw exposing credentials

News photo

Hackers spoof Microsoft ADFS login pages to steal credentials

News photo

VMware plugs steal-my-credentials holes in Cloud Foundation

« Investors Want a Piece of DeepSeek. Its Founder Says Not Now
Showcase your innovation — exhibit at TechCrunch Sessions: AI »