Corporate Security
March 10, 20261 min read196
Massive Fake Chrome Extension Campaign Steals Sensitive Corporate Data
Researchers identified a massive campaign using fake Chrome extensions to steal sensitive corporate data, including credentials, emails and session tokens.
By Titan Layer Editorial Team
Published on March 10, 2026
Source: —
Security researchers identified a massive, coordinated campaign using fake Google Chrome extensions to steal sensitive corporate data from companies worldwide, notable for its scale and technical sophistication.
Over 35 malicious extensions were identified, some with over 100,000 installations, affecting companies in more than 40 countries. Extensions disguised as productivity tools steal credentials via form interception, perform session hijacking, exfiltrate emails, and bypass 2FA by capturing TOTP codes in real time.
Corporate protection: implement extension whitelist policies via Google Admin Console, block unapproved extension installation, audit installed extensions, deploy Browser Security solutions, and train employees.
Article information
Editorial author:Titan Layer Editorial Team
Original source:—
Original publisher:—
Original author:—
Original publication date:—
Reference link:—
Titan Layer publication date:March 10, 2026
Content type:Curated summary and editorial analysis
#chrome#extensões maliciosas#dados corporativos#segurança#enterprise
Share this article
Related Articles
Critical Vulnerabilities
CVE-2026-46483: Command Injection in Vim via Missing shellescape Flag
Titan Layer
5/18/2026
Critical Vulnerabilities
CVE-2026-43490: Validate Inherited ACE SID Length in ksmbd
Titan Layer
5/18/2026
Critical Vulnerabilities
Microsoft rejects critical Azure vulnerability report, no CVE issued
Titan Layer
5/17/2026