Tootfinder

The security company LayerX has found a critical vulnerability in Anthropic’s Claude Desktop Extensions (DXT). A manipulated Google Calendar entry can execute arbitrary code on the computer without any user interaction. Although the vulnerability received the highest possible severity rating of 10 out of 10 on the common CVSS, Anthropic does not intend to fix the problem for the time being:

Claude Desktop Extensions Exposes Over 10,000 Users to Remote Code Execution Vulnerability - LayerX
  Summary: LayerX discovered a zero-click remote code execution (RCE) vulnerability in Claude Desktop Extensions (DXT), in which a single Google Calendar event can silently compromise a system running Claude Desktop Extensions. The flaw impacts more than 10,000 active users and 50 DXT extensions.  Unlike traditional browser extensions, Claude Desktop Extensions run unsandboxed with full […]

«Über 100 Erweiterungen — Schädliche Chrome-Extensions greifen Nutzerdaten ab:
Im Chrome Web Store verbreiten Cyberkriminelle über 100 schädliche Erweiterungen, die Nutzerkonten und Daten stehlen. Die Tools sind Teil einer koordinierten Kampagne mit gemeinsamer Infrastruktur.»
Ein Argument mehr um Chrome zu vermeiden und egal auf welchem Browser nicht blind jegliche Plugins nutzen. Seit Jahr(zent)en ein Thema.
😈

Every time you visit LinkedIn in Chrome, a hidden routine silently probes your browser for more than 6,000 installed extensions, collects 48 hardware and software characteristics about your device, encrypts the resulting fingerprint, and attaches it to every API request you make during your session.
https://

LinkedIn is secretly scanning your browser for 6,000 extensions, and you weren’t told
In short: Every time you visit LinkedIn in a Chrome-based browser, a hidden JavaScript routine silently probes your browser for more than 6,000 installed extensions, collects 48 hardware and software characteristics about your device, encrypts the resulting fingerprint, and attaches it to every API request you make during your session. The practice, labelled “BrowserGate” by researchers, […]

are folks actually using this feature? seems like a wild risk of security exposure to give it unfettered access to all of your web sessions/tokens https://claude.com/claude-for-chrome
thinking about how this interacts with password manager browser extensions that automatically log-in to various site…

Professional networking platform LinkedIn has been quietly collecting detailed information about users' devices and installed browser extensions, a new security report has alleged.
https://www.

LinkedIn accused of covert data collection in 'BrowserGate' report
Professional networking platform LinkedIn has been quietly collecting detailed information about users' devices and installed browser extensions, a new security report has alleged.

« WebinarTV is actively scraping and redistributing both public and private Zoom webinars without knowledge or consent of organizers. Initial access is typically gained through third-party browser extensions such as AI-powered transcription or auto-join tools »
https://cyberalberta.ca/zo…

Zooming Out: WebinarTV’s Rampant Scraping of Online Meetings
Zooming Out: WebinarTV’s Rampant Scraping of Online Meetings

We need one of those cloud-to-butt browser extensions that replaces every occurrence of “AI” with “artificial insemination”
#cloud #butt #ai

LinkedIn. Netzwerk für Business-Kasper — und offenbar auch stiller Datenstaubsauger.
🔴 Wer sich verifiziert, gibt Reisepass Biometrie an ein US-Unternehmen weiter. Haftung bei Datenpanne: 50 Dollar.
🔴 Und bei jedem Besuch scannt LinkedIn deinen Chrome-Browser — 6.000 Extensions, ohne dein Wissen. Klage läuft am LG München.
https://…

I pray for the devs of browser extensions that have active audiences, shits gotta be exhausting.

RE: https://mastodon.social/@campuscodi/115952799623237972
Catalin makes a good point here: if you can, you should try to actively manage the browser extensions your business users are allowed to install. There are multiple ways to do this on Windows, u…