The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

Wannabe Kim Kardashian died from lethal butt injections. Her injector was just convicted

A Florida woman was convicted in connection with the death of a social media model to whom she had given silicone injections, ...
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?
GitHub

coding-agent: avoid command injection when opening OAuth URL

coding-agent currently opens OAuth URLs in the login dialog with an exec() command string. Because the URL is interpolated into a shell command, a crafted URL can break out of quoting and execute ...
ZDNet

This critical Chrome browser vulnerability lets malicious extensions spy on your PC

Researchers found a high-severity bug in Chrome's Gemini feature. It grants extensions the ability to spy on you or steal your data. Update now. A new vulnerability impacting Google Chrome's Gemini ...