Corporate Security
March 10, 20261 min read196
Massive Fake Chrome Extension Campaign Steals Sensitive Corporate Data
Researchers identified a massive campaign using fake Chrome extensions to steal sensitive corporate data, including credentials, emails and session tokens.
By Titan Layer Editorial Team
Published on March 10, 2026
Source: —
Security researchers identified a massive, coordinated campaign using fake Google Chrome extensions to steal sensitive corporate data from companies worldwide, notable for its scale and technical sophistication.
Over 35 malicious extensions were identified, some with over 100,000 installations, affecting companies in more than 40 countries. Extensions disguised as productivity tools steal credentials via form interception, perform session hijacking, exfiltrate emails, and bypass 2FA by capturing TOTP codes in real time.
Corporate protection: implement extension whitelist policies via Google Admin Console, block unapproved extension installation, audit installed extensions, deploy Browser Security solutions, and train employees.
Article information
Editorial author:Titan Layer Editorial Team
Original source:—
Original publisher:—
Original author:—
Original publication date:—
Reference link:—
Titan Layer publication date:March 10, 2026
Content type:Curated summary and editorial analysis
#chrome#extensões maliciosas#dados corporativos#segurança#enterprise
Share this article
Related Articles
Cyber Crime
Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge
Titan Layer
2d ago
Cyber Crime
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
Titan Layer
3d ago
Cyber Crime
Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know
Titan Layer
6d ago