- Labels like “verified” give a false sense of security but do not reflect real extension behavior
- Browser DevTools were never intended to track how extensions behave across tabs and over time
- Malicious extensions often work normally until specific triggers make their hidden features come alive
The unchecked spread of malicious browser extensions exposes users to spyware and other threats, largely because of deep-seated flaws in how the software handles extension security.
New research from SquareX claims that many people still depend on superficial trust markers such as “verified” or “Chrome Featured”, which have repeatedly failed to prevent widespread compromise.
These markers, while intended to reassure users, often provide little insight into the actual behavior of an extension.
Labels offer little protection against dynamic threats
A central issue lies in the limitations of browser DevTools, which were designed in the late 2000s for debugging web pages.
These tools were never intended to inspect the far more complex behavior of modern browser extensions, which can run scripts, take screenshots and operate across tabs, actions that existing DevTools struggle to track or attribute.
This creates an environment where malicious behavior can remain hidden, even while the extensions collect data or manipulate web content.
The shortcoming of these DevTools lies in their inability to provide telemetry that isolates extension behavior from standard web activity.
For example, when a script is injected into a web page by an extension, DevTools lacks the means to distinguish it from the page’s original features.
The Geco Colorpick incident offers an example of how trust indicators can fail disastrously: according to Koi Research's findings, 18 malicious extensions were able to distribute spyware to 2.3 million users despite carrying the highly visible “verified” label.
To tackle this, SquareX has proposed a new framework involving a modified browser and what it calls browser AI agents.
This combination is designed to simulate varied user behavior and conditions in order to draw out hidden or delayed responses from extensions.
The procedure is part of what SquareX calls the Extension Monitoring Sandbox, a setup that enables dynamic analysis based on real-time activity rather than only static code inspection.
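For contrast, this is roughly what a static first pass looks like: an added example (not SquareX's tooling and not code from the research) that reads an extension's manifest and reports which of the capabilities named above it requests, regardless of any store label. The sample manifests are constructed, and a pass like this cannot reveal behavior that stays dormant until a trigger fires.

```python
import json

# Permissions that grant the capabilities the article lists for extensions.
CAPABILITIES = {
    "script injection": {"scripting", "debugger"},
    "screen capture": {"tabCapture", "desktopCapture"},
    "cross-tab access": {"tabs", "webNavigation"},
}
# Match patterns that cover every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return {capability: [granting entries]} for one parsed manifest.json."""
    requested = set()
    # Manifest V2 mixes host patterns into "permissions"; V3 splits them out.
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    findings = {cap: sorted(requested & names)
                for cap, names in CAPABILITIES.items() if requested & names}
    # Declarative content scripts inject without any "scripting" permission.
    hosts = set(requested)
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    if hosts & BROAD_HOSTS:
        findings["all-site access"] = sorted(hosts & BROAD_HOSTS)
    return findings

# Constructed sample manifests (not taken from any real extension).
NARROW = json.loads('{"manifest_version": 3, "name": "sample-picker-a", '
                    '"permissions": ["activeTab", "storage"]}')
BROAD = json.loads('''{"manifest_version": 3, "name": "sample-picker-b",
  "permissions": ["tabs", "scripting", "storage", "webNavigation"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["https://*/*", "http://*/*"],
                       "js": ["content.js"]}]}''')
LEGACY_V2 = json.loads('{"manifest_version": 2, "name": "sample-picker-c", '
                       '"permissions": ["tabs", "<all_urls>"]}')

if __name__ == "__main__":
    for m in (NARROW, BROAD, LEGACY_V2):
        print(m["name"], audit_manifest(m) or "no broad capabilities requested")
```

Two extensions with the same stated purpose can produce very different reports here, which is the gap a label alone does not show.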
Currently, many organizations continue to rely on free antivirus tools or built-in browser protection that cannot keep up with the evolving threat landscape.
The gap between perceived and actual security leaves both individuals and businesses vulnerable.
The long-term effect of this initiative is yet to be seen, but it reflects a growing recognition that browser-based threats require more than superficial protective measures.



