WhatRuns Browser Extension Compromised by Malicious Update Exfiltrating URLs and AI Chat Data
Key Takeaways
- WhatRuns browser extension received a malicious update capable of stealing full URLs and AI chat data from users
- The compromise represents a supply chain attack affecting a tool with significant user adoption
- Browser extensions with broad data access permissions present significant security risks when compromised
Summary
A malicious update to the popular WhatRuns browser extension has been discovered, compromising user security by exfiltrating full URLs and AI chat conversations. The compromised extension, which helps users identify technologies used on websites, was distributed to an unknown number of users through what appears to be a supply chain attack. This incident highlights the vulnerability of widely used browser extensions and the risks associated with third-party tools that collect browsing data. The extent of the breach and the number of affected users remain unclear, though security researchers have documented the malicious behavior through video evidence.
- Users should review extension permissions and consider removing potentially compromised tools until official patches are released
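
The permission review recommended above can be scripted. The following Python is an added example, not code from the original report or from the extension's developers: it reads extension `manifest.json` files and flags grants that let an extension see visited URLs or run on every page. The sample manifests and extension names are constructed, and the directory passed to `audit_profile` is assumed to be a Chrome profile's `Extensions` folder.

```python
import json
from pathlib import Path

# Grants that expose visited URLs to an extension.
URL_PERMS = {"tabs", "webNavigation", "history", "webRequest"}
# Host patterns that cover every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return the broad-access grants declared in one parsed manifest.json."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V2 lists host patterns in "permissions", V3 in "host_permissions".
    hosts = perms | set(manifest.get("host_permissions", []))
    injected = set()
    for script in manifest.get("content_scripts", []):
        injected |= set(script.get("matches", []))
    return {
        "name": manifest.get("name", "?"),
        "url_access": sorted(perms & URL_PERMS),
        "broad_hosts": sorted(hosts & BROAD_HOSTS),
        "injects_everywhere": sorted(injected & BROAD_HOSTS),
    }

def is_high_risk(finding):
    """True when the extension can read page content on every site."""
    return bool(finding["broad_hosts"] or finding["injects_everywhere"])

def audit_profile(extensions_dir):
    """Audit every <id>/<version>/manifest.json under a Chrome Extensions dir."""
    findings = []
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        findings.append(audit_manifest(json.loads(path.read_text(encoding="utf-8-sig"))))
    return [f for f in findings if is_high_risk(f)]

# Constructed sample manifests (hypothetical extensions, not real ones).
SAMPLE_BROAD = {
    "name": "Example Tech Profiler", "manifest_version": 3,
    "permissions": ["tabs", "storage"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
}
SAMPLE_NARROW = {
    "name": "Example Docs Helper", "manifest_version": 3,
    "permissions": ["activeTab"],
    "host_permissions": ["https://docs.example.com/*"],
}

if __name__ == "__main__":
    for sample in (SAMPLE_BROAD, SAMPLE_NARROW):
        finding = audit_manifest(sample)
        print(finding["name"], "HIGH RISK" if is_high_risk(finding) else "ok", finding)
```

An extension flagged here is not necessarily malicious; the flag marks tools whose compromise through an update would expose URLs and page content on every site.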


