2.3 Million Users Infected By Verified Chrome and Edge Extensions - 1

Image by Firmbee.com, from Unsplash

2.3 Million Users Infected By Verified Chrome and Edge Extensions

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A major security breach of browsers exposed more than 2.3 million users to malware, it did this through verified Chrome and Edge extensions that appeared safe.

In a rush? Here are the quick facts:

  • Malware was hidden in verified and featured extensions with legitimate functions.
  • Malware silently installed through updates after years of clean operation.
  • Extensions hijacked browsers, tracked activity, and redirected users to fake sites.

According to research from Koi Security , 18 extensions in a campaign dubbed RedDirection secretly hijacked browsers, tracked user activities, and enabled additional attacks through trusted interfaces.

The main extension responsible for the security breach was “Color Picker, Eyedropper — Geco colorpick.” The extension delivered its promised functionality by providing a complete color selection feature. The extension operated as a color selection tool, but it secretly tracked all websites users visited, transmitted URL data to command and control servers, and redirected users to fake websites.

“This isn’t some obvious scam extension thrown together in a weekend” the researchers wrote.

“This is a carefully crafted trojan horse that delivers exactly what it promises (a functional color picker) while simultaneously hijacking your browser, tracking every website you visit, and maintaining a persistent command and control backdoor. Not only that, but it remained legitimate for years before becoming malicious through a version update,’’ the researchers noted.

Indeed, the researchers explain how these extensions were clean for years before malicious code was added through silent version updates, a move that took advantage of Google and Microsoft’s trust systems, including verification badges and featured placements.

“This isn’t just another malware discovery,” researchers said. “It’s proof that the current marketplace security model is fundamentally broken,” the research team added.

The RedDirection campaign included popular extensions that functioned as emoji keyboards, video speed controllers, VPN proxies, and dark themes, which appeared and operated like standard tools. The extensions operated as a single network through their identical malware structures and command servers, to steal login details, banking information, and install additional malware.

Koi Security advises users to eliminate untrusted extensions, while performing browser data cleaning, malware scanning, and account monitoring. The discovery raises doubts about Chrome and Edge’s extension verification process, and the ability of users to trust installed extensions.

“This is a supply chain disaster,” researchers warned.

Tech Startup Battles OpenAI And Jony Ive Over Alleged Stolen AI Ideas - 2

Image by Levart_Photographer, from Unsplash

Tech Startup Battles OpenAI And Jony Ive Over Alleged Stolen AI Ideas

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

iyO’s legal battle with OpenAI and Jony Ive has intensified with new allegations that a former executive disclosed trade secrets to a rival design team.

In a rush? Here are the quick facts:

  • iyO is suing OpenAI and Jony Ive over trademark infringement.
  • iyO now accuses its ex-executive Dan Sargent of leaking trade secrets.
  • The disputed AI device aims to replace screens with voice-based interaction.

The AP reports that a California-based technology company iyO Inc. has started legal action against a former executive, adding a new twist to an ongoing legal feud with OpenAI and Apple designer Jony Ive. iyO Inc. had already filed a trademark infringement lawsuit against OpenAI and Jony Ive for their hardware startup named “io.”

The company now accuses ex-executive Dan Sargent of leaking its unreleased product design through a confidential sketch, after his departure from the company and his meeting with “io” co-founder Tang Yew Tan, who has worked with Jony Ive for many years. The AP notes that Sargent, who joined Apple after his departure from iyO in December, did not provide any statement regarding the lawsuit.

“This is not an action we take lightly,” said iyO founder and CEO Jason Rugolo, as reported by the AP. “Our primary goal here is not to target a former employee, whom we considered a friend, but to hold accountable those whom we believe preyed on him from a position of power,” he added.

At the center of the legal drama is the race to build a new kind of AI interface—one that doesn’t require screens or voice assistants. Rugolo pitched his earbud-like “audio computer” in 2022 to both Altman’s Apollo Projects and Ive’s design firm, but both passed, as noted by the AP. What Rugolo didn’t know, he says, was that the pair had already started quietly working on their own AI device.

“I’m happy to compete on product, but calling it the same name, that part is just amazing to me,” Rugolo said, as reported by the AP.

The “io” name choice by OpenAI’s Altman received criticism from Rugolo, who called it “silly” and “disappointing,” because it references computer input/output, as reported by the AP. The court has allowed iyO to proceed with its case, because the judge found sufficient evidence to move forward, and a hearing is scheduled for fall.