• About TC
  • Affiliate Disclaimer
  • Privacy Policy
  • TOS
  • Contact
Tuesday, June 10, 2025
Techcratic
  • TC
  • AI
    Artificial Intelligence

    7 Python Errors That Are Actually Features

    Artificial Intelligence

    10 Awesome OCR Models for 2025

    Artificial Intelligence

    5 Error Handling Patterns in Python (Beyond Try-Except)

    Artificial Intelligence

    Top 5 Alternative Data Career Paths and How to Learn Them for Free

    Artificial Intelligence

    Implementing Machine Learning Pipelines with Apache Spark

    Artificial Intelligence

    Learn Power BI for Free This Week

    Artificial Intelligence

    Build GraphRAG applications using Amazon Bedrock Knowledge Bases

    Artificial Intelligence

    How to Use Deep Research Like a Pro

    Artificial Intelligence

    World-Consistent Video Diffusion With Explicit 3D Modeling

  • Crypto
    No One Fell for It: Paraguay’s Bitcoin Legal Tender Announcement Was a Zero-Sum Hack

    No One Fell for It: Paraguay’s Bitcoin Legal Tender Announcement Was a Zero-Sum Hack

    Pi Network Dives Toward $1 – Here’s Why Investors Are Nervous

    XRP Price to Pump With Golden Cross and Long-Term Holder Data

    Franklin Templeton Debuts Second-by-Second ‘Intraday Yield’ on Blockchain Platform

    Franklin Templeton Debuts Second-by-Second ‘Intraday Yield’ on Blockchain Platform

    Bitcoin ETFs Bounce Back With $386 Million Inflow as Ether ETFs Maintain Bull Run

    Bitcoin ETFs Bounce Back With $386 Million Inflow as Ether ETFs Maintain Bull Run

    Bitcoin Core Developers Merge Controversial Policy Changes: Is a Fork Ahead?

    Bitcoin Core Developers Merge Controversial Policy Changes: Is a Fork Ahead?

    Crypto to “Become Part of All Sectors” Under Trump: Kevin O’Leary

    Russian Crypto CEO Charged in $530M Laundering Fraud

    Bitcoin’s $200K Price Forecast ‘Conservative,’ Says Bernstein

    Bitcoin’s $200K Price Forecast ‘Conservative,’ Says Bernstein

    Ripple Backs XRP Ledger Startups in Japan With up to $200K per Project

    Ripple Backs XRP Ledger Startups in Japan With up to $200K per Project

    Publicly Traded Firm KULR Acquires 118.6 Bitcoin, Treasury Reaches 920 BTC

    Publicly Traded Firm KULR Acquires 118.6 Bitcoin, Treasury Reaches 920 BTC

  • Cybersecurity
    Cybersecurity

    Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

    Cybersecurity

    Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps

    Cybersecurity

    Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account

    Cybersecurity

    CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog

    Cybersecurity

    Malicious Browser Extensions Infect 722 Users Across Latin America Since Early 2025

    Cybersecurity

    Empower Users and Protect Against GenAI Data Loss

    Cybersecurity

    Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials

    Cybersecurity

    Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI

    Cybersecurity

    Why Traditional DLP Solutions Fail in the Browser Era

  • Deals
    Cable Matters 10Gbps Short USB C to Micro USB 3.0 Cable – 1ft, USB-C Hard Drive Cable,…

    Cable Matters 10Gbps Short USB C to Micro USB 3.0 Cable – 1ft, USB-C Hard Drive Cable,…

    HP Samsung Electronics CLT-M406S Toner, Magenta

    HP Samsung Electronics CLT-M406S Toner, Magenta

    SAMSUNG Galaxy S23 FE 5G, US Version, 128GB, Black – Unlocked (Renewed)

    SAMSUNG Galaxy S23 FE 5G, US Version, 128GB, Black – Unlocked (Renewed)

    LaCie Rugged SSD 1TB, Externe SSD, voor Mac & PC, USB-C, Schok- Regen- en drukbestendig,…

    LaCie Rugged SSD 1TB, Externe SSD, voor Mac & PC, USB-C, Schok- Regen- en drukbestendig,…

    Kingspec 44PIN IDE PATA MLC 2GB 4GB 8GB 16GB 32GB DOM SSD Disk On Module For Network…

    Kingspec 44PIN IDE PATA MLC 2GB 4GB 8GB 16GB 32GB DOM SSD Disk On Module For Network…

    GD90 Mini PC, 12th Gen Intel i9-12900HK(14C/20T), 32GB DDR4 RAM 1TB SSD Desktop Mini…

    GD90 Mini PC, 12th Gen Intel i9-12900HK(14C/20T), 32GB DDR4 RAM 1TB SSD Desktop Mini…

    Hitachi MAF0058 Mass Air Flow Sensor

    Hitachi MAF0058 Mass Air Flow Sensor

    Canon PG-245 Genuine Black Ink Cartridge, Compatible with iP2820,…

    Canon PG-245 Genuine Black Ink Cartridge, Compatible with iP2820,…

    GTRACING Gaming Chair with Footrest Speakers Video Game Chair Bluetooth Music Heavy Duty…

    GTRACING Gaming Chair with Footrest Speakers Video Game Chair Bluetooth Music Heavy Duty…

  • Gaming
    The D&D Movie IS NOT WOKE!  A Review

    The D&D Movie IS NOT WOKE! A Review

    The Legends of Zelda BOTW Switch 2 – Final Boss and Ending (4K60FPS)

    The Legends of Zelda BOTW Switch 2 – Final Boss and Ending (4K60FPS)

    The Legend of Zelda Breath of the Wild Walkthrough Part 7 (E3 2016 Gameplay)

    The Legend of Zelda Breath of the Wild Walkthrough Part 7 (E3 2016 Gameplay)

    Blue Lion Supercomputer Will Run on NVIDIA Vera Rubin

    Blue Lion Supercomputer Will Run on NVIDIA Vera Rubin

    BOTW – Breadcrumbs – Walkthrough 68, pt. 7 (Sasa Kai Shrine)

    BOTW – Breadcrumbs – Walkthrough 68, pt. 7 (Sasa Kai Shrine)

    Yellow Wind Sage Boss Theme | Black Myth: Wukong

    Yellow Wind Sage Boss Theme | Black Myth: Wukong

    Baldurs Gate 3 REVIEW (In Progress) – My Brutally Honest Opinion & Is It Worth It? (BG3 Review)

    Baldurs Gate 3 REVIEW (In Progress) – My Brutally Honest Opinion & Is It Worth It? (BG3 Review)

    Cisco and NVIDIA Advance Security for Enterprise AI Factories

    Cisco and NVIDIA Advance Security for Enterprise AI Factories

    The Callisto Protocol Game Review! (Is It Good???)

    The Callisto Protocol Game Review! (Is It Good???)

  • Tesla
    2 Pack For Tesla Model X 2017-2024 Front/Back Under Seat Storage Organizer,TPE…

    2 Pack For Tesla Model X 2017-2024 Front/Back Under Seat Storage Organizer,TPE…

    GOOACC 200PCS Car Plastic Rivets Fasteners Push Retainer Kit, 10 Most Popular Sizes Auto…

    GOOACC 200PCS Car Plastic Rivets Fasteners Push Retainer Kit, 10 Most Popular Sizes Auto…

    Tera Electric Vehicle Charger Tesla: ETL Certified Level 2 48 Amp 240 Volt DIY Stickers…

    Tera Electric Vehicle Charger Tesla: ETL Certified Level 2 48 Amp 240 Volt DIY Stickers…

    Tesla (TSLA) sales are crashing in China, and things are about to get worse

    Tesla (TSLA) sales are crashing in China, and things are about to get worse

    Lifting Jack Pad for Model 3/Y/S/X,4 PCS Jack Pad with Tire Repair Tool & Storage Box,…

    Lifting Jack Pad for Model 3/Y/S/X,4 PCS Jack Pad with Tire Repair Tool & Storage Box,…

    j Junsun Portable Electric Car Charger Level 2 EV Charger 32A 240V for Tesla 21ft Cable…

    j Junsun Portable Electric Car Charger Level 2 EV Charger 32A 240V for Tesla 21ft Cable…

    Model Y Mud Flaps for Tesla Model Y Accessories 2024 Mud Flaps Tire Splash Guards fit…

    Model Y Mud Flaps for Tesla Model Y Accessories 2024 Mud Flaps Tire Splash Guards fit…

    Tesla CCS Adapter, Fast and Efficient Charging Adapter for Tesla Model 3 Y S X, Portable…

    Tesla CCS Adapter, Fast and Efficient Charging Adapter for Tesla Model 3 Y S X, Portable…

    4 PCS LED Reverse Lights, 4014 45SMD 6500K 800LM High Bright Brake Light Turn Signal…

    4 PCS LED Reverse Lights, 4014 45SMD 6500K 800LM High Bright Brake Light Turn Signal…

  • UFO
    History Classics: UFOs & Aliens

    History Classics: UFOs & Aliens

    Mysteries Of Ancient Aliens According To Hinduism || #shorts || #youtube || #religion ||

    Mysteries Of Ancient Aliens According To Hinduism || #shorts || #youtube || #religion ||

    The Light Gate Welcomes Rafael Lugo, Contactee, August 21st, 2023

    The Light Gate Welcomes Rafael Lugo, Contactee, August 21st, 2023

    FOCO NFL Mens Football Team Logo Moccasin Slippers Shoes

    FOCO NFL Mens Football Team Logo Moccasin Slippers Shoes

    Horrifying Encounter While Truck Driving #scary #paranormal

    Horrifying Encounter While Truck Driving #scary #paranormal

    Vintage Gators Personalized Name Apparel Retro Classic T-Shirt

    Vintage Gators Personalized Name Apparel Retro Classic T-Shirt

    Pop Culture Conspiracy Theories! Taylor Swift, BRAT, and The Simpson Predictions!

    Pop Culture Conspiracy Theories! Taylor Swift, BRAT, and The Simpson Predictions!

    Mufon and Ufos: The Proof is Out There [DVD]

    Mufon and Ufos: The Proof is Out There [DVD]

    Unidentified Flying Objects

    Unidentified Flying Objects

No Result
View All Result
  • TC
  • AI
    Artificial Intelligence

    7 Python Errors That Are Actually Features

    Artificial Intelligence

    10 Awesome OCR Models for 2025

    Artificial Intelligence

    5 Error Handling Patterns in Python (Beyond Try-Except)

    Artificial Intelligence

    Top 5 Alternative Data Career Paths and How to Learn Them for Free

    Artificial Intelligence

    Implementing Machine Learning Pipelines with Apache Spark

    Artificial Intelligence

    Learn Power BI for Free This Week

    Artificial Intelligence

    Build GraphRAG applications using Amazon Bedrock Knowledge Bases

    Artificial Intelligence

    How to Use Deep Research Like a Pro

    Artificial Intelligence

    World-Consistent Video Diffusion With Explicit 3D Modeling

  • Crypto
    No One Fell for It: Paraguay’s Bitcoin Legal Tender Announcement Was a Zero-Sum Hack

    No One Fell for It: Paraguay’s Bitcoin Legal Tender Announcement Was a Zero-Sum Hack

    Pi Network Dives Toward $1 – Here’s Why Investors Are Nervous

    XRP Price to Pump With Golden Cross and Long-Term Holder Data

    Franklin Templeton Debuts Second-by-Second ‘Intraday Yield’ on Blockchain Platform

    Franklin Templeton Debuts Second-by-Second ‘Intraday Yield’ on Blockchain Platform

    Bitcoin ETFs Bounce Back With $386 Million Inflow as Ether ETFs Maintain Bull Run

    Bitcoin ETFs Bounce Back With $386 Million Inflow as Ether ETFs Maintain Bull Run

    Bitcoin Core Developers Merge Controversial Policy Changes: Is a Fork Ahead?

    Bitcoin Core Developers Merge Controversial Policy Changes: Is a Fork Ahead?

    Crypto to “Become Part of All Sectors” Under Trump: Kevin O’Leary

    Russian Crypto CEO Charged in $530M Laundering Fraud

    Bitcoin’s $200K Price Forecast ‘Conservative,’ Says Bernstein

    Bitcoin’s $200K Price Forecast ‘Conservative,’ Says Bernstein

    Ripple Backs XRP Ledger Startups in Japan With up to $200K per Project

    Ripple Backs XRP Ledger Startups in Japan With up to $200K per Project

    Publicly Traded Firm KULR Acquires 118.6 Bitcoin, Treasury Reaches 920 BTC

    Publicly Traded Firm KULR Acquires 118.6 Bitcoin, Treasury Reaches 920 BTC

  • Cybersecurity
    Cybersecurity

    Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

    Cybersecurity

    Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps

    Cybersecurity

    Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account

    Cybersecurity

    CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog

    Cybersecurity

    Malicious Browser Extensions Infect 722 Users Across Latin America Since Early 2025

    Cybersecurity

    Empower Users and Protect Against GenAI Data Loss

    Cybersecurity

    Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials

    Cybersecurity

    Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI

    Cybersecurity

    Why Traditional DLP Solutions Fail in the Browser Era

  • Deals
    Cable Matters 10Gbps Short USB C to Micro USB 3.0 Cable – 1ft, USB-C Hard Drive Cable,…

    Cable Matters 10Gbps Short USB C to Micro USB 3.0 Cable – 1ft, USB-C Hard Drive Cable,…

    HP Samsung Electronics CLT-M406S Toner, Magenta

    HP Samsung Electronics CLT-M406S Toner, Magenta

    SAMSUNG Galaxy S23 FE 5G, US Version, 128GB, Black – Unlocked (Renewed)

    SAMSUNG Galaxy S23 FE 5G, US Version, 128GB, Black – Unlocked (Renewed)

    LaCie Rugged SSD 1TB, Externe SSD, voor Mac & PC, USB-C, Schok- Regen- en drukbestendig,…

    LaCie Rugged SSD 1TB, Externe SSD, voor Mac & PC, USB-C, Schok- Regen- en drukbestendig,…

    Kingspec 44PIN IDE PATA MLC 2GB 4GB 8GB 16GB 32GB DOM SSD Disk On Module For Network…

    Kingspec 44PIN IDE PATA MLC 2GB 4GB 8GB 16GB 32GB DOM SSD Disk On Module For Network…

    GD90 Mini PC, 12th Gen Intel i9-12900HK(14C/20T), 32GB DDR4 RAM 1TB SSD Desktop Mini…

    GD90 Mini PC, 12th Gen Intel i9-12900HK(14C/20T), 32GB DDR4 RAM 1TB SSD Desktop Mini…

    Hitachi MAF0058 Mass Air Flow Sensor

    Hitachi MAF0058 Mass Air Flow Sensor

    Canon PG-245 Genuine Black Ink Cartridge, Compatible with iP2820,…

    Canon PG-245 Genuine Black Ink Cartridge, Compatible with iP2820,…

    GTRACING Gaming Chair with Footrest Speakers Video Game Chair Bluetooth Music Heavy Duty…

    GTRACING Gaming Chair with Footrest Speakers Video Game Chair Bluetooth Music Heavy Duty…

  • Gaming
    The D&D Movie IS NOT WOKE!  A Review

    The D&D Movie IS NOT WOKE! A Review

    The Legends of Zelda BOTW Switch 2 – Final Boss and Ending (4K60FPS)

    The Legends of Zelda BOTW Switch 2 – Final Boss and Ending (4K60FPS)

    The Legend of Zelda Breath of the Wild Walkthrough Part 7 (E3 2016 Gameplay)

    The Legend of Zelda Breath of the Wild Walkthrough Part 7 (E3 2016 Gameplay)

    Blue Lion Supercomputer Will Run on NVIDIA Vera Rubin

    Blue Lion Supercomputer Will Run on NVIDIA Vera Rubin

    BOTW – Breadcrumbs – Walkthrough 68, pt. 7 (Sasa Kai Shrine)

    BOTW – Breadcrumbs – Walkthrough 68, pt. 7 (Sasa Kai Shrine)

    Yellow Wind Sage Boss Theme | Black Myth: Wukong

    Yellow Wind Sage Boss Theme | Black Myth: Wukong

    Baldurs Gate 3 REVIEW (In Progress) – My Brutally Honest Opinion & Is It Worth It? (BG3 Review)

    Baldurs Gate 3 REVIEW (In Progress) – My Brutally Honest Opinion & Is It Worth It? (BG3 Review)

    Cisco and NVIDIA Advance Security for Enterprise AI Factories

    Cisco and NVIDIA Advance Security for Enterprise AI Factories

    The Callisto Protocol Game Review! (Is It Good???)

    The Callisto Protocol Game Review! (Is It Good???)

  • Tesla
    2 Pack For Tesla Model X 2017-2024 Front/Back Under Seat Storage Organizer,TPE…

    2 Pack For Tesla Model X 2017-2024 Front/Back Under Seat Storage Organizer,TPE…

    GOOACC 200PCS Car Plastic Rivets Fasteners Push Retainer Kit, 10 Most Popular Sizes Auto…

    GOOACC 200PCS Car Plastic Rivets Fasteners Push Retainer Kit, 10 Most Popular Sizes Auto…

    Tera Electric Vehicle Charger Tesla: ETL Certified Level 2 48 Amp 240 Volt DIY Stickers…

    Tera Electric Vehicle Charger Tesla: ETL Certified Level 2 48 Amp 240 Volt DIY Stickers…

    Tesla (TSLA) sales are crashing in China, and things are about to get worse

    Tesla (TSLA) sales are crashing in China, and things are about to get worse

    Lifting Jack Pad for Model 3/Y/S/X,4 PCS Jack Pad with Tire Repair Tool & Storage Box,…

    Lifting Jack Pad for Model 3/Y/S/X,4 PCS Jack Pad with Tire Repair Tool & Storage Box,…

    j Junsun Portable Electric Car Charger Level 2 EV Charger 32A 240V for Tesla 21ft Cable…

    j Junsun Portable Electric Car Charger Level 2 EV Charger 32A 240V for Tesla 21ft Cable…

    Model Y Mud Flaps for Tesla Model Y Accessories 2024 Mud Flaps Tire Splash Guards fit…

    Model Y Mud Flaps for Tesla Model Y Accessories 2024 Mud Flaps Tire Splash Guards fit…

    Tesla CCS Adapter, Fast and Efficient Charging Adapter for Tesla Model 3 Y S X, Portable…

    Tesla CCS Adapter, Fast and Efficient Charging Adapter for Tesla Model 3 Y S X, Portable…

    4 PCS LED Reverse Lights, 4014 45SMD 6500K 800LM High Bright Brake Light Turn Signal…

    4 PCS LED Reverse Lights, 4014 45SMD 6500K 800LM High Bright Brake Light Turn Signal…

  • UFO
    History Classics: UFOs & Aliens

    History Classics: UFOs & Aliens

    Mysteries Of Ancient Aliens According To Hinduism || #shorts || #youtube || #religion ||

    Mysteries Of Ancient Aliens According To Hinduism || #shorts || #youtube || #religion ||

    The Light Gate Welcomes Rafael Lugo, Contactee, August 21st, 2023

    The Light Gate Welcomes Rafael Lugo, Contactee, August 21st, 2023

    FOCO NFL Mens Football Team Logo Moccasin Slippers Shoes

    FOCO NFL Mens Football Team Logo Moccasin Slippers Shoes

    Horrifying Encounter While Truck Driving #scary #paranormal

    Horrifying Encounter While Truck Driving #scary #paranormal

    Vintage Gators Personalized Name Apparel Retro Classic T-Shirt

    Vintage Gators Personalized Name Apparel Retro Classic T-Shirt

    Pop Culture Conspiracy Theories! Taylor Swift, BRAT, and The Simpson Predictions!

    Pop Culture Conspiracy Theories! Taylor Swift, BRAT, and The Simpson Predictions!

    Mufon and Ufos: The Proof is Out There [DVD]

    Mufon and Ufos: The Proof is Out There [DVD]

    Unidentified Flying Objects

    Unidentified Flying Objects

No Result
View All Result
Techcratic
No Result
View All Result
Home Cybersecurity

Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials

Cyber Security by Cyber Security
June 5, 2025
in Cybersecurity
Reading Time: 7 mins read
124 6
A A
0
Share on FacebookShare on XShare on LinkedIn

info@thehackernews.com (The Hacker News)
2025-06-05 11:53:00
thehackernews.com

Jun 05, 2025Ravie LakshmananBrowser Security / Online Safety

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.

“Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response team, said. “By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information, in plaintext.”

The fact that the network traffic is unencrypted also means that they are susceptible to adversary-in-the-middle (AitM) attacks, allowing malicious actors on the same network such as a public Wi-Fi to intercept and, even worse, modify this data, which could lead to far more serious consequences.

Cybersecurity

The list of identified extensions are below –

  • SEMRush Rank (extension ID: idbhoeaiokcojcgappfigpifhpkjgmab) and PI Rank (ID: ccgdboldgdlngcgfdolahmiilojmfndl), which call the URL “rank.trellian[.]com” over plain HTTP
  • Browsec VPN (ID: omghfjlpggmjjaagoclmmobgdodcjboh), which uses HTTP to call an uninstall URL at “browsec-uninstall.s3-website.eu-central-1.amazonaws[.]com” when a user attempts to uninstall the extension
  • MSN New Tab (ID: lklfbkdigihjaaeamncibechhgalldgl) and MSN Homepage, Bing Search & News (ID: midiombanaceofjhodpdibeppmnamfcj), which transmit a unique machine identifier and other details over HTTP to “g.ceipmsn[.]com”
  • DualSafe Password Manager & Digital Vault (ID: lgbjhdkjmpgjgcbcdlhkokkckpjmedgc), which constructs an HTTP-based URL request to “stats.itopupdate[.]com” along with information about the extension version, user’s browser language, and usage “type”

“Although credentials or passwords do not appear to be leaked, the fact that a password manager uses unencrypted requests for telemetry erodes trust in its overall security posture,” Guo said.

Symantec said it also identified another set of extensions with API keys, secrets, and tokens directly embedded in the JavaScript code, which an attacker could weaponize to craft malicious requests and carry out various malicious actions –

  • Online Security & Privacy extension (ID: gomekmidlodglbbmalcneegieacbdmki), AVG Online Security (ID: nbmoafcmbajniiapeidgficgifbfmjfo), Speed Dial [FVD] – New Tab Page, 3D, Sync (ID: llaficoajjainaijghjlofdfmbjpebpa), and SellerSprite – Amazon Research Tool (ID: lnbmbgocenenhhhdojdielgnmeflbnfb), which expose a hard-coded Google Analytics 4 (GA4) API secret that an attacker could use to bombard the GA4 endpoint and corrupt metrics

  • Equatio – Math Made Digital (ID: hjngolefdpdnooamgdldlkjgmdcmcjnc), which embeds a Microsoft Azure API key used for speech recognition that an attacker could use to inflate the developer’s costs or exhaust their usage limits

  • Awesome Screen Recorder & Screenshot (ID: nlipoenfbbikpbjkfpfillcgkoblgpmj) and Scrolling Screenshot Tool & Screen Capture (ID: mfpiaehgjbbfednooihadalhehabhcjo), which expose the developer’s Amazon Web Services (AWS) access key used to upload screenshots to the developer’s S3 bucket

  • Microsoft Editor – Spelling & Grammar Checker (ID: gpaiobkfhnonedkhhfjpmhdalgeoebfa), which exposes a telemetry key named “StatsApiKey” to log user data for analytics

  • Antidote Connector (ID: lmbopdiikkamfphhgcckcjhojnokgfeo), which incorporates a third-party library called InboxSDK that contains hard-coded credentials, including API keys.

  • Watch2Gether (ID: cimpffimgeipdhnhjohpbehjkcdpjolg), which exposes a Tenor GIF search API key

  • Trust Wallet (ID: egjidjbpglichdcondbcbdnbeeppgdph), which exposes an API key associated with the Ramp Network, a Web3 platform that offers wallet developers a way to let users buy or sell crypto directly from the app

  • TravelArrow – Your Virtual Travel Agent (ID: coplmfnphahpcknbchcehdikbdieognn), which exposes a geolocation API key when making queries to “ip-api[.]com”

Attackers who end up finding these keys could weaponize them to drive up API costs, host illegal content, send spoofed telemetry data, and mimic cryptocurrency transaction orders, some of which could see the developer’s ban getting banned.

Adding to the concern, Antidote Connector is just one of over 90 extensions that use InboxSDK, meaning the other extensions are susceptible to the same problem. The names of the other extensions were not disclosed by Symantec.

Cybersecurity

“From GA4 analytics secrets to Azure speech keys, and from AWS S3 credentials to Google-specific tokens, each of these snippets demonstrates how a few lines of code can jeopardize an entire service,” Guo said. “The solution: never store sensitive credentials on the client side.”

Developers are recommended to switch to HTTPS whenever they send or receive data, store credentials securely in a backend server using a credentials management service, and regularly rotate secrets to further minimize risk.

The findings show how even popular extensions with hundreds of thousands of installations can suffer from trivial misconfigurations and security blunders like hard-coded credentials, leaving users’ data at risk.

“Users of these extensions should consider removing them until the developers address the insecure [HTTP] calls,” the company said. “The risk is not just theoretical; unencrypted traffic is simple to capture, and the data can be used for profiling, phishing, or other targeted attacks.”

“The overarching lesson is that a large install base or a well-known brand does not necessarily ensure best practices around encryption. Extensions should be scrutinized for the protocols they use and the data they share, to ensure users’ information remains truly safe.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



Source Link


Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!


Start your free Amazon Prime trial
today and unlock unlimited streaming and more!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!

BITCOIN

Bitcoin Logo

Bitcoin QR Code

bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge

Scan the QR code with your crypto wallet app

DOGECOIN

Dogecoin Logo

Dogecoin QR Code

D64GwvvYQxFXYyan3oQCrmWfidf6T3JpBA

Scan the QR code with your crypto wallet app

ETHEREUM

Ethereum Logo

Ethereum QR Code

0xe9BC980DF3d985730dA827996B43E4A62CCBAA7a

Scan the QR code with your crypto wallet app

Please read the Privacy and Security Disclaimer on how Techcratic handles your support.

Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.

Tags: Cybersecurity
Share161Tweet101Share28
Previous Post

Advertising strategies are changing with AI and data analysis tools

Next Post

3PCS Car Micro Squeegee Curves Slot Tint Tool Set, Auto Vinyl Wrap Tool Kit, 3 in 1…

Cyber Security

Cyber Security

Explore the critical updates and expert insights in cybersecurity. Stay protected and informed with the latest trends, threats, and solutions in the world of digital security. Find the latest articles here at Techcratic.

Related Posts

Cybersecurity
Cybersecurity

Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

June 10, 2025
1.3k
Cybersecurity
Cybersecurity

Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps

June 10, 2025
1.3k
Cybersecurity
Cybersecurity

Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account

June 10, 2025
1.3k
Cybersecurity
Cybersecurity

CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog

June 10, 2025
1.3k
Cybersecurity
Cybersecurity

Malicious Browser Extensions Infect 722 Users Across Latin America Since Early 2025

June 8, 2025
1.3k
Cybersecurity
Cybersecurity

Empower Users and Protect Against GenAI Data Loss

June 6, 2025
1.3k
Load More
Next Post
3PCS Car Micro Squeegee Curves Slot Tint Tool Set, Auto Vinyl Wrap Tool Kit, 3 in 1…

3PCS Car Micro Squeegee Curves Slot Tint Tool Set, Auto Vinyl Wrap Tool Kit, 3 in 1...

Leaked Apple charger points to incredibly fast iPhone 17 MagSafe charging

Leaked Apple charger points to incredibly fast iPhone 17 MagSafe charging

Leveling up your Microsoft Store on Windows experience

Leveling up your Microsoft Store on Windows experience

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Your Tech Resources

  • 30 Second Tech ™
  • AI
  • App Zone ™
  • Apple
  • Ars Technica
  • CNET
  • ComputerWorld
  • Crypto News
  • Cybersecurity
  • Endgadget
  • Fossbytes
  • Gaming
  • GeekWire
  • Gizmodo
  • Google News
  • Hacker News
  • Harvard Tech
  • I Like Cats ™
  • I Like Dogs ™
  • LifeHacker
  • MacRumors
  • Macworld
  • Mashable
  • Microsoft
  • MIT Tech
  • PC World
  • Photofocus
  • Physics
  • Random Tech
  • Retro Rewind ™
  • Robot Report
  • SiliconANGLE
  • SlashGear
  • Smartphone
  • StackSocial
  • Tech Art
  • Tech Careers
  • Tech Deals
  • Techcratic ™
  • TechCrunch
  • Techdirt
  • TechRepublic
  • Techs Got To Eat ™
  • TechSpot
  • Tesla
  • The Verge
  • TNW
  • Trusted Reviews
  • UFO
  • VentureBeat
  • Visual Capitalist
  • Weird Stuff
  • Wired
  • ZDNet

Tech News

  • 30 Second Tech ™
  • AI
  • AnandTech
  • Apple Insider
  • Ars Technica
  • CNET
  • ComputerWorld
  • Crypto News
  • Cybersecurity
  • Endgadget
  • ExtremeTech
  • Fossbytes
  • Gaming
  • GeekWire
  • Gizmodo

Tech News

  • Harvard Tech
  • MacRumors
  • Macworld
  • Mashable
  • Microsoft
  • MIT Tech
  • Physics
  • PC World
  • Random Tech
  • Retro Rewind ™
  • SiliconANGLE
  • SlashGear
  • Smartphone
  • StackSocial
  • Tech Careers

Tech News​

  • Tech Art
  • TechCrunch
  • Techdirt
  • TechRepublic
  • Techs Got To Eat ™
  • TechSpot
  • Tesla
  • The Verge
  • TNW
  • Trusted Reviews
  • UFO
  • VentureBeat
  • Visual Capitalist
  • Weird Stuff
  • Wired
  • ZDNet

Site Links

  • About Techcratic
  • Affiliate Disclaimer
  • Affiliate Link Policy
  • Contact Techcratic
  • Dealors Discount Store
  • Privacy and Security Disclaimer
  • Privacy Policy
  • RSS Feed
  • Site Map
  • Support Techcratic
  • Techcratic
  • Tech Deals
  • TOS
  • 𝕏
Click For A Secret Deal

Techcratic – Your All In One Tech Hub © 2020 – 2025
All Rights Reserved
∞

No Result
View All Result
  • Home
  • Apple
  • Gaming
  • Microsoft
  • AnandTech