EXECUTIVE SUMMARY
A recent investigation revealed that previously legitimate Chrome extensions became malicious following an ownership transfer, enabling attackers to inject remote code, steal sensitive browser data, and distribute malware through deceptive update prompts. This incident highlights the growing browser extension supply-chain risk, where trusted extensions can be weaponized through malicious updates and silently compromise existing users.
- Active Region: Global
- Affected Sector: All sectors using Google Chrome browser
- Affected Product: Google Chrome browser extensions – QuickLens – Search Screen with Google Lens and ShotBird – Scrolling Screenshots, Tweet Images & Editor
- Severity: High
- Published Date: March 09, 2026
TECHNICAL DETAILS
- Target: Google Chrome users, including enterprise and individual users, who have installed the affected extensions (QuickLens and ShotBird).
- Root Cause: A malicious update was introduced following the transfer of extension ownership, allowing threat actors to modify the extension code. The update enabled the delivery of remote JavaScript payloads from attacker-controlled infrastructure, potentially facilitating data exfiltration and unauthorized browser activity.
- Attack Technique: The compromised extensions abused Chrome extension permissions to access browser sessions, capture sensitive data, and dynamically……
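
To check endpoints for the two named extensions, the following added example (not part of the original advisory) inventories a Chrome profile's installed extensions, resolves localized display names, and flags name matches and broad host permissions. It assumes the standard `Extensions/<id>/<version>/manifest.json` profile layout and matches on display name only, since the advisory lists no extension IDs; the function names and sample data are constructed for illustration.

```python
import json
from pathlib import Path

AFFECTED = ("quicklens", "shotbird")  # display names from the advisory (no IDs given)
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def load(path):
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None  # unreadable or malformed JSON

def display_name(version_dir, manifest):
    """Resolve 'name', following a __MSG_key__ placeholder (case-insensitive key)."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        msgs = load(version_dir / "_locales" / locale / "messages.json")
        for key, entry in (msgs.items() if isinstance(msgs, dict) else ()):
            if key.lower() == name[6:-2].lower() and isinstance(entry, dict):
                return str(entry.get("message", name))
    return name

def audit_profile(profile_dir):
    """One finding per <profile>/Extensions/<id>/<version>/manifest.json."""
    findings = []
    for mf in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        manifest = load(mf)
        if not isinstance(manifest, dict):
            continue
        name = display_name(mf.parent, manifest)
        perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        broad = sorted(p for p in perms if isinstance(p, str) and p in BROAD_HOSTS)
        findings.append({"id": mf.parent.parent.name, "name": name, "broad_hosts": broad,
                         "affected": any(a in name.lower() for a in AFFECTED)})
    return findings

def build_sample_profile(root):
    """Constructed sample tree: two fake extensions with made-up IDs."""
    files = {
        "aaaa/1.0_0/manifest.json": {"name": "__MSG_appName__", "default_locale": "en",
                                     "host_permissions": ["<all_urls>"]},
        "aaaa/1.0_0/_locales/en/messages.json": {"appname": {"message": "QuickLens sample"}},
        "bbbb/2.3_0/manifest.json": {"name": "Note Pad", "permissions": ["storage"]},
    }
    for rel, obj in files.items():
        path = Path(root, "Extensions", rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(json.dumps(obj), encoding="utf-8")
    return root
```

Call `audit_profile()` with a real profile directory, for example `~/.config/google-chrome/Default` on Linux or `%LOCALAPPDATA%\Google\Chrome\User Data\Default` on Windows. A name match is a triage signal only, because a display name can change between versions.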



