Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials

Cybersecurity experts have identified several popular Google Chrome extensions that leak sensitive data over unencrypted HTTP connections and contain hard-coded secrets, posing significant security risks. Users are advised to remove these extensions until developers address these vulnerabilities to protect their privacy and security. #GoogleChromeExtensions #HTTPDataLeak #HardCodedSecrets

Keypoints

Multiple widely used Chrome extensions transmit sensitive data over HTTP, exposing user information.
Unencrypted network traffic makes these extensions vulnerable to man-in-the-middle attacks.
Some extensions embed API keys, secrets, and tokens directly in their JavaScript code, risking malicious use.
Experts recommend switching to HTTPS, secure credential management, and regular secret rotation to mitigate risks.
Even popular extensions with large user bases can suffer from security misconfigurations, jeopardizing user data.

Tags: CRYPTO, VPN, TOOL, LEAK, BROWSER, CREDENTIAL, PASSWORD, PHISHING