Close Menu
TechurzTechurz
    What's Hot

    Builders Stage agenda revealed for Disrupt 2026

    July 1, 2026

    Startup Battlefield Australia application closes in days: Apply before July 6

    June 30, 2026

    Acti puts AI agents directly into your smartphone keyboard

    June 30, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Builders Stage agenda revealed for Disrupt 2026
    • Startup Battlefield Australia application closes in days: Apply before July 6
    • Acti puts AI agents directly into your smartphone keyboard
    • The DeepMind trio who built a poker AI are now making money for quant hedge funds
    • Nvidia competitor Etched hits $5B valuation, $1B in sales for AI chip
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - AI - Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
    AI

    Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP

    TechurzBy TechurzJune 9, 2025Updated:May 10, 2026No Comments1 Min Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
    Share
    Facebook Twitter LinkedIn Pinterest Email


    From the extensions Guo mentioned, SEMRush Rank and PI Rank transmit users’ full browsing domains in plaintext to rank.trellian.com, effectively exposing their web activity. MSN New Tab/Homepage sends a persistent Machine ID, OS version, and extension version using an unencrypted SendPingDetails request, data that can be used to track users across sessions.  

    Additionally, DualSafe Password Manager, while not leaking passwords, still pushes analytics like browser language and version to stats.itopupdate.com over HTTP.  

    “We used to call these (extensions) BHO’s – browser helper objects – and this was a very common way to compromise browsers for various outcomes, ranging from stealing credentials and spying on users, to simply establishing ways to very uniquely identify and track users across the internet,” said BugCrowd CISO Trey Ford. “Ultimately, this can manifest as a form of malware, and unavoidably create a new attack surface for miscreants to attack and compromise a very secure browsing experience.” 

    Chrome Extension hardcoded HTTP leaky privacy promises Secrets undone
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleWWDC’s iOS 26 launch is the first step toward the ‘Liquid Glass’ iPhone
    Next Article Oppo A5i and A5i Pro launch with Snapdragon 6s 4G Gen 1, Pro has 6,000mAh Si/C battery
    Techurz
    • Website

    Related Posts

    AI Systems

    The Future of AI Systems: 7 Architectural Shifts Driving the AI Revolution

    June 13, 2026
    Opinion

    As the browser wars heat up, here are the hottest alternatives to Chrome and Safari in 2026

    May 30, 2026
    Opinion

    Consumer-focused privacy company Cloaked raises $375M as it expands to enterprise

    March 19, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622

    Future of Digital Privacy and Security: 7 Truths Nobody Tells You

    May 25, 202619
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.