A recent flaw in Google Chrome allowed bad guys to create fake extensions that could steal your information. Google has fixed this, but now there's a new worry: smart AI can help hackers make even better attacks. So, it's super important to keep your browser updated and be careful about what extensions you install.
What Happened
A serious security flaw in Google Chrome has just been patched, but it could have allowed attackers to gain access to your local files. Tracked as CVE-2026-0628, this vulnerability had a high CVSS score of 8.8, indicating its severity. Researchers found that the issue stemmed from insufficient policy enforcement in the WebView tag, a crucial component of how Chrome handles web content.
In addition to CVE-2026-0628, Google has addressed two critical vulnerabilities in its latest update: CVE-2026-5858 and CVE-2026-5859. Both vulnerabilities can allow remote attackers to execute arbitrary code on targeted systems, significantly increasing the risk to users. CVE-2026-5858 is a heap buffer overflow in the Web Machine Learning API, while CVE-2026-5859 is an integer overflow in the same API. These vulnerabilities can be exploited via specially crafted HTML pages, allowing attackers to corrupt memory and potentially take control of the browser.
In a concerning development, researchers have uncovered a campaign involving 108 malicious Chrome extensions that collectively affect around 20,000 users. These extensions, published under five distinct identities (GameGen, InterAlt, SideGames, Rodeo Games, and Yana Project), are spread across categories such as gaming, social media tools, and translation utilities. They appear legitimate but secretly collect sensitive data and deploy backdoors. Notably, 54 of these extensions exploit OAuth2 to steal Google account identities, while others inject ads and arbitrary JavaScript into visited web pages. The malicious extensions communicate with a single command-and-control infrastructure, enabling operators to aggregate stolen information in one place.
Specific malicious behaviors include the exfiltration of Google account details, hijacking Telegram sessions, and injecting unwanted ads into browsers. Some extensions were designed to replace active Telegram sessions with those controlled by attackers, compromising user privacy significantly. This coordinated campaign is particularly alarming due to its breadth, with all extensions linked to a single operator through shared cloud resources and overlapping account identifiers. Some extensions were found to capture active web sessions every 15 seconds, allowing full account access without passwords or multi-factor authentication (MFA). Many operate continuously in the background, complicating detection efforts.
Adding to the urgency, a recent experiment showcased how advancements in AI, specifically the Claude Opus model, have made it easier to develop functional exploit code targeting vulnerabilities in Chrome. A researcher successfully created an exploit chain that leveraged existing vulnerabilities in the V8 JavaScript engine, demonstrating how AI can automate the exploit development process. This raises concerns about the shrinking patch window, as AI models can generate sophisticated exploits, potentially empowering less experienced attackers to compromise systems more easily.
Socket, a cybersecurity firm, reported that half of the malicious extensions were designed to steal Google accounts via OAuth2, while 45 of them contained a universal backdoor that opens arbitrary URLs upon browser startup. This means that the malicious code can execute without user interaction, making detection even more challenging. Google acted quickly, rolling out a patch in early January 2026 to close this security gap.
Why Should You Care
You might think that a flaw like this only affects tech-savvy users, but that's not true. If you use Chrome for browsing, shopping, or even just checking your email, you're at risk. Imagine leaving your front door unlocked; it only takes one opportunistic burglar to walk in. This vulnerability could have let bad actors do just that with your files. Your personal data, including passwords and financial information, could be exposed if you had the wrong extension installed. With the new findings about malicious extensions and the rise of AI-generated exploits, the risk is even higher. It's essential to be vigilant about the extensions you add to your browser. Always check reviews and permissions before installing anything.
What's Being Done
Google has responded promptly by patching the vulnerability, but users need to take action as well. Here are a few steps you should consider:
- Update your Chrome browser to the latest version to ensure you have the patch.
- Review your installed extensions and remove any that look suspicious or that you don't use. Be particularly cautious about extensions that request excessive permissions.
- Log out of all Telegram Web sessions via the Telegram mobile app if you have installed any Telegram-related extensions, as attackers may have already hijacked them.
- Stay informed about future vulnerabilities to protect yourself better. Recent reports indicate that malicious extensions are actively targeting users, so awareness is key.
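The extension review suggested in the list above can be partly scripted by reading each extension's `manifest.json`. The following is an added example, not code from this article or from Socket; the permission-to-risk mapping, the function names and the sample manifest are assumptions of the example.

```python
import json
from pathlib import Path

# Manifest permissions mapped to behaviours the report describes.
# This mapping is the example's own assumption, not a Chrome or Socket rule set.
RISKY_PERMISSIONS = {
    "identity": "can request OAuth2 tokens for the signed-in Google account",
    "identity.email": "can read the signed-in account's email address",
    "scripting": "can inject JavaScript into pages",
    "cookies": "can read session cookies for permitted hosts",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest: dict) -> list[str]:
    """Return findings for one parsed manifest.json (Manifest V2 or V3)."""
    declared = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    perms = {p for p in declared if isinstance(p, str)}
    findings = [f"{p}: {RISKY_PERMISSIONS[p]}" for p in sorted(perms & set(RISKY_PERMISSIONS))]
    # MV2 keeps host patterns in "permissions"; MV3 moves them to "host_permissions".
    hosts = perms | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    broad = sorted(hosts & BROAD_HOSTS)
    if broad:
        findings.append("runs on every site: " + ", ".join(broad))
    if "oauth2" in manifest:
        scopes = manifest["oauth2"].get("scopes", [])
        findings.append("declares OAuth2 scopes: " + (", ".join(scopes) or "none listed"))
    return findings

def audit_extensions_dir(ext_dir: str) -> dict[str, list[str]]:
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, json.JSONDecodeError):
            report[path.parent.parent.name] = ["manifest unreadable"]
            continue
        findings = audit_manifest(manifest)
        if findings:
            report[path.parent.parent.name] = findings
    return report

# Constructed sample manifest (hypothetical extension, not one from the campaign).
SAMPLE = {"manifest_version": 3, "name": "Example Translator",
          "permissions": ["identity", "storage"], "host_permissions": ["<all_urls>"],
          "oauth2": {"client_id": "PLACEHOLDER", "scopes": ["openid", "email"]}}
```

Pass `audit_extensions_dir` the `Extensions` folder of a Chrome profile and review each flagged ID by hand. A manifest cannot reveal a backdoor that opens URLs at startup, because creating a tab needs no declared permission.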
Experts are now watching for any signs of exploitation attempts using this vulnerability and the newly discovered extensions. Keeping your software up to date is your best defense against these threats.
The intersection of AI and cybersecurity is becoming increasingly concerning, as tools like Claude Opus can automate exploit development, potentially lowering the barrier for attackers. This underscores the importance of timely patching and user vigilance.




