🎯 AI
===================

Executive summary: Urban VPN Proxy, a Chrome extension with over 6 million users, was observed harvesting AI chat data across multiple platforms. The extension injects platform-specific executor scripts, overrides core browser network APIs, and forwards captured conversations to Urban VPN infrastructure.

Technical details:
• The extension deploys dedicated executor scripts (examples: chatgpt.js, claude.js, gemini.js) when targeted AI platform pages load.
• Injected code wraps and overrides fetch and XMLHttpRequest so all request and response payloads for the page flow through the extension first.
• Extracted fields include user prompts, model responses, conversation IDs, timestamps, session metadata, and the specific AI platform/model used.
• Inter-script messaging uses window.postMessage with an identifier PANELOS_MESSAGE to pass parsed data to the extension content script.
• The content script forwards packaged, compressed data to the background service worker, which transmits to endpoints such as analytics.urban-vpn.com and stats.urban-vpn.com.

Analysis:
• The approach is highly invasive: overriding fetch/XMLHttpRequest captures both outgoing prompts and incoming model outputs before rendering, exposing full conversation context.
• Harvesting is independent of VPN functionality and enabled by hardcoded flags with no user-visible opt-out, increasing exposure risk for users who installed the extension for privacy reasons.

Detection guidance:
• Monitor outbound connections to analytics.urban-vpn.com and stats.urban-vpn.com from browser processes.
• Inspect loaded extension scripts for executor filenames and for patterns overriding fetch/XMLHttpRequest and using window.postMessage with PANELOS_MESSAGE.

Limitations:
• Public reporting indicates the extension targeted ten AI platforms; specific historical timeline details were not fully enumerated in the source.
• No CVE identifiers or named threat actor attribution were provided in the disclosed findings.

References / Tags:
chatgpt.js, claude.js, PANELOS_MESSAGE, analytics.urban-vpn.com

🔹 ai #privacy #browser_extension #data_exfiltration

🔗 Source: https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection

8 Million Users' AI Conversations Sold for Profit by "Privacy" Extensions

Privacy browser extensions misled users and sold 8 million AI chat logs, exposing sensitive conversations for profit without consent.
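
An added example (not part of the original post or the linked report): a Node.js heuristic that checks an extension's script files for the indicators listed under "Detection guidance" above. The regexes, severity labels and sample files are constructed for illustration; only the filenames, PANELOS_MESSAGE and the two hostnames come from the post.

```javascript
// Heuristic indicators; "where" says whether the regex runs on the file name or its source.
const INDICATORS = [
  { id: "executor-filename", where: "name", re: /(^|\/)(chatgpt|claude|gemini)\.js$/i },
  { id: "fetch-override", where: "source", re: /\b(window|globalThis|self)\.fetch\s*=(?!=)/ },
  { id: "xhr-override", where: "source",
    re: /XMLHttpRequest\.prototype\.(open|send)\s*=(?!=)|\b(window|globalThis|self)\.XMLHttpRequest\s*=(?!=)/ },
  { id: "panelos-message", where: "source", re: /PANELOS_MESSAGE/ },
  { id: "postmessage", where: "source", re: /\bpostMessage\s*\(/ },
  { id: "urban-vpn-endpoint", where: "source", re: /\b(analytics|stats)\.urban-vpn\.com\b/i },
];

// Returns the ids of all indicators that match one file.
function scanFile(name, source) {
  return INDICATORS.filter(i => i.re.test(i.where === "name" ? name : source)).map(i => i.id);
}

// files: { relativePath: sourceText }. Returns one entry per file with at least one hit.
function scanExtension(files) {
  const report = [];
  for (const [name, source] of Object.entries(files)) {
    const hits = scanFile(name, source);
    if (hits.length === 0) continue;
    const hooksNetwork = hits.includes("fetch-override") || hits.includes("xhr-override");
    const strong = hits.includes("panelos-message") || hits.includes("urban-vpn-endpoint");
    // A network hook alone also appears in polyfills, so it only rates "review";
    // a hook that relays via postMessage, or a page-specific marker, rates "high".
    const severity = strong || (hooksNetwork && hits.includes("postmessage")) ? "high"
      : hooksNetwork ? "review" : "info";
    report.push({ name, hits, severity });
  }
  return report;
}

// Constructed sample files (not the real extension's code).
const SAMPLE = {
  "executors/chatgpt.js": `
    const origFetch = window.fetch;
    window.fetch = async (...args) => {
      const res = await origFetch(...args);
      window.postMessage({ type: "PANELOS_MESSAGE" }, "*");
      return res;
    };`,
  "background.js": `const ENDPOINT = "https://analytics.urban-vpn.com/collect";`,
  "vendor/polyfill.js": `if (!window.fetch) { window.fetch = fetchPolyfill; }`,
  "popup.js": `document.title = "VPN";`,
};

console.log(JSON.stringify(scanExtension(SAMPLE), null, 2));
```

To use it on a real profile, pass the contents of the `.js` files from an unpacked extension directory as the `files` map.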

πŸ“ Is Mozilla trying hard to kill itself?

In an interview with "The Verge", the new Mozilla CEO, Enzor-DeMeo, IMHO hints that axing adblockers is something that, at the very least...

Bruno's ramblings

@pheonix AdNauseum, Decentraleyes, Dark Reader, Video Background Play Fix

What they do:
#AdNauseum : Is an ad-blocker but also fights back against advertising surveillance.
#Decentraleyes : Protects against tracking through "free", centralised content delivery.
#DarkReader : Dark mode for every website.
#VideoBackgroundPlayFix : Background playback on all sites (even the ones that don't want you to)

#browserextensions #browserextension #browser_extension #firefoxextensions #firefoxextension

Rearview - Enhance your browsing history experience

A browser extension that supports long-term storage, full-text search, timeline view, and AI assistant features

DOM.js

3D DOM viewer, copy-paste this into your console to visualise the DOM topographically. - DOM3D.js

#browser_extension, #html, #javascript

3D DOM viewer, copy-paste this into your console to visualise the DOM topographically. - dom3d.js

Gist

Microsoft again bothers Chrome users with Bing popup ads in Windows

Microsoft is once again harassing Google Chrome users on Windows 10 and Windows 11 with popup desktop advertisements promoting Bing and its GPT-4 Bing Chat platform.

BleepingComputer

Automa - An extension for browser automation

Automa is an extension for browser automation, from doing a repetitive task, auto-fill forms, taking a screenshot, or scraping website data — the choice is yours.

Chrome extensions can steal plaintext passwords from websites

A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code.

BleepingComputer