A New Twist on Old Tricks

A malicious extension made for Microsoft Edge is using Chrome native messaging to get around normal security checks. It lets the bad code talk directly to your system in ways extensions usually cannot.

This is not some far off threat. It targets regular folks who just want their browser to work without surprises.

How It Actually Works

The extension registers itself to use native messaging hosts. That feature normally lets extensions chat with desktop apps for legitimate reasons like password managers. Here the attackers twist it to run commands or pull data without extra permissions popping up.

Once active it can stay quiet while doing its thing in the background.

Why This Hits Home

Most people run Edge or Chrome every day for work email, banking, and shopping. When an extension abuses built in tools like this it puts your files and logins at risk without obvious signs.

You might install what looks like a harmless tool and never know it is phoning home or grabbing info.

Practical Steps to Take

• Review your installed extensions right now and remove anything you do not recognize.
• Stick to extensions from verified publishers with lots of reviews.
• Keep your browser updated so patches land fast.
• Use separate profiles for work and personal stuff when possible.

Simple habits like these cut down the odds a lot.

Bottom Line

Big tech keeps adding fancy features that sound great until someone figures out how to misuse them. This case shows why staying alert beats trusting every new extension that pops up.

Keep your guard up and your browser clean.

Source: https://cybersecuritynews.com/malicious-edge-extension-uses-chrome-native-messaging/amp/