
Google Chrome Warning—One Click Loses All Your Passwords

Mar 06, 2025 - forbes.com
A new report from SquareX highlights a critical vulnerability in Google Chrome and other Chromium-based browsers, where malicious extensions can impersonate legitimate ones, putting sensitive data at risk. These polymorphic extensions can mimic password managers, crypto wallets, and banking apps, tricking users into providing credentials that attackers can then exploit. The attack involves users being deceived into installing seemingly benign extensions that later change form to replicate trusted apps, making detection difficult due to their pixel-perfect replication of icons and workflows.

The attack method involves using the chrome.management API or web resource hitting to identify installed extensions, such as 1Password, and then temporarily disabling them to impersonate them. Once the user unknowingly enters their credentials into the fake extension, the information is sent to the attacker, who can then access all stored passwords and sensitive data. This vulnerability cannot be patched by updating the browser, as it exploits legitimate Chrome functionality, highlighting the need for a significant overhaul to prevent such attacks.
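A defender-side check for the two mechanisms described above, as an added example that is not from the SquareX report or the article. It reads extension manifests and flags those declaring the `management` permission that chrome.management needs to list or disable other extensions, and those whose `web_accessible_resources` are reachable from any site, which is what makes an installed extension detectable by probing. The manifests and finding labels are constructed for illustration.

```javascript
// Added audit example; SAMPLE_MANIFESTS and the finding labels are constructed.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Permissions an extension holds now or may request later at runtime.
function declaredPermissions(manifest) {
  return [...(manifest.permissions || []), ...(manifest.optional_permissions || [])]
    .filter((p) => typeof p === "string");
}

// True when the extension serves files to arbitrary pages at a stable URL.
function exposesProbeableResources(manifest) {
  return (manifest.web_accessible_resources || []).some((entry) => {
    if (typeof entry === "string") return true; // Manifest V2: plain paths, open to any page
    if (entry.use_dynamic_url) return false;    // Manifest V3: per-session resource URL
    return (entry.matches || []).some((m) => BROAD.has(m));
  });
}

function auditExtension(manifest) {
  const findings = [];
  if (declaredPermissions(manifest).includes("management")) {
    findings.push("can-manage-other-extensions");
  }
  if (exposesProbeableResources(manifest)) {
    findings.push("detectable-via-web-resources");
  }
  return { name: manifest.name, findings };
}

// Returns only the extensions that need a reviewer's attention.
function auditAll(manifests) {
  return manifests.map(auditExtension).filter((r) => r.findings.length > 0);
}

const SAMPLE_MANIFESTS = [
  { name: "Example Tab Helper", manifest_version: 3,
    permissions: ["tabs"], optional_permissions: ["management"] },
  { name: "Example Vault", manifest_version: 3, permissions: ["storage"],
    web_accessible_resources: [{ resources: ["icon.png"], matches: ["<all_urls>"] }] },
  { name: "Example Vault Hardened", manifest_version: 3,
    web_accessible_resources: [
      { resources: ["icon.png"], matches: ["<all_urls>"], use_dynamic_url: true }] },
  { name: "Example Notes", manifest_version: 3, permissions: ["storage"] },
];

console.log(JSON.stringify(auditAll(SAMPLE_MANIFESTS), null, 2));
```

In a managed fleet the same checks can run over the `manifest.json` files collected from each browser profile's extension directory.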

Key takeaways:

  • A new vulnerability in Google Chrome and other Chromium browsers allows malicious extensions to impersonate any installed extension, putting sensitive data at risk.
  • The attack involves tricking users into installing a benign-looking extension that later mimics sensitive apps like password managers and crypto wallets.
  • The malicious extension uses techniques like web resource hitting to detect and impersonate target extensions, stealing credentials and sensitive information.
  • The attack exploits legitimate Chrome functionality, making it difficult to patch, and highlights the risk of relying on visual cues for security confirmation.