🟠 High  |  Source: The Hacker News


A Chrome extension called ‘Adblock for YouTube’ with over 10 million installs has been found to contain hidden functionality capable of injecting and executing arbitrary JavaScript code in users’ browsers. The extension carries a ‘Featured’ badge on the Chrome Web Store, lending it a false sense of legitimacy. This represents a significant supply-chain risk, as the dormant capability could be activated remotely to steal credentials, exfiltrate data, or compromise corporate environments.

Security Architect’s Take: Audit and restrict browser extensions permitted within your organisation via Chrome Enterprise policies or a Secure Access Service Edge (SASE) solution — specifically blocklist the extension ID cmedhionkhpnakcndndgjdbohmhepckk and review endpoint telemetry for any prior installations, particularly on devices with access to sensitive cloud consoles or SaaS platforms.
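The two actions above, sketched as an added example (not code from the advisory or from Google): it builds a managed-policy document using Chrome's `ExtensionInstallBlocklist` policy and checks a Chrome user-data directory for the extension ID on disk. The function names, the sample profile tree and the version string `1.0.0_0` are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Extension ID as given in the advisory text above.
BLOCKED_ID = "cmedhionkhpnakcndndgjdbohmhepckk"

def blocklist_policy(ext_ids):
    """Managed-policy document for Chrome's ExtensionInstallBlocklist policy.

    On Linux, Chrome reads such JSON from /etc/opt/chrome/policies/managed/.
    """
    return {"ExtensionInstallBlocklist": sorted(set(ext_ids))}

def find_installs(user_data_dir, ext_id=BLOCKED_ID):
    """Return {profile_name: [version_dirs]} for profiles that hold ext_id.

    Chrome unpacks Web Store extensions to
    <User Data>/<profile>/Extensions/<extension id>/<version>/.
    """
    hits = {}
    root = Path(user_data_dir)
    if not root.is_dir():
        return hits  # no Chrome data for this user
    for ext_dir in root.glob(f"*/Extensions/{ext_id}"):
        if ext_dir.is_dir():
            versions = sorted(p.name for p in ext_dir.iterdir() if p.is_dir())
            hits[ext_dir.parent.parent.name] = versions
    return hits

def demo():
    """Scan a constructed profile tree (sample data, not real telemetry)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        # Constructed layout: "Default" has the extension, "Profile 1" does not.
        (base / "Default" / "Extensions" / BLOCKED_ID / "1.0.0_0").mkdir(parents=True)
        (base / "Profile 1" / "Extensions" / ("a" * 32) / "2.3_0").mkdir(parents=True)
        return find_installs(base)

if __name__ == "__main__":
    print(json.dumps(blocklist_policy([BLOCKED_ID]), indent=2))
    print(demo())
```

Point `find_installs` at each user's Chrome data directory (`~/.config/google-chrome` on Linux, `%LOCALAPPDATA%\Google\Chrome\User Data` on Windows, `~/Library/Application Support/Google/Chrome` on macOS). It only reports extensions currently on disk, so earlier installs that were since removed still need to be checked in endpoint telemetry.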

Original advisory: Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability