When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

As reported byBleepingComputer, the cybersecurity company SquareX Labs devised this new attack as a proof of concept.

From here, this list of installed extensions is then sent back to a hacker-controlled server.

A computer showing the Chrome Web Store

If one of the targeted extensions like1Password is installed, the malicious extension then transforms to completely copy it.

This includes changing its icon and name to match the real extension.

A fake login popup appears to trick victims into entering their credentials, impersonating the real extension.

Chrome browser on laptop

Now for the kicker.

From a victims perspective, everything now looks normal, and they might not even realize theyve been hacked.

Ill keep an eye out if and when a fix becomes available to update this story accordingly.

A hacker typing quickly on a keyboard

Ask yourself if you really need an extension first before installing anything.

iPhone 16 Pro shown held in hand

An open lock depicting a data breach

A Hertz car rental center in New York City

NYTimes Connections

Sebastian De Souza as Garrett and Sofia Carson as Alex in "The Life List" on Netflix

NYT Strands on a cellphone

Diego Luna in Andor season 2 trailer

Anthony Mackie in Captain America: Brave New World

Using an under-desk elliptical while working seated at a desk