At DEF CON 32, SquareX gave an important presentation about sneaky browser extensions that are causing trouble. These extensions are finding ways to get around Google’s security measures, known as Manifest V3 (MV3), and this is putting a lot of people and companies at risk.

During their talk, SquareX showed how these rogue extensions can do some pretty harmful things. For example, they can steal video streams from platforms like Google Meet and Zoom without asking for permission. They can even access private GitHub repositories without the user knowing. Plus, they can trick people into entering their login details on fake pages and steal cookies, browsing histories, and more.

It’s a big problem because malicious extensions have been a target for a while now. In fact, a study by Stanford University says that over 280 million bad Chrome extensions have been installed. Even though Google has been trying to remove dangerous extensions, like the 32 they took down last year, the problem still remains.

SquareX has come up with some innovative solutions to help tackle this issue. They have created special policies to control extensions, block certain network requests, and analyze extensions dynamically in the cloud. These features are all part of SquareX’s Browser Detection and Response solution, which is already being used by many big companies to keep them safe.

Vivek Ramachandran, the Founder & CEO of SquareX, says that these malicious extensions can cause a lot of harm by spying on people, acting on their behalf, and stealing their information. Without the right tools in place, it’s hard to detect and stop these attacks. Although Google’s MV3 is a step forward, it still needs some improvements to make sure everyone stays safe online.