chrome
Safeguard articles tagged "chrome" — guides, analysis, and best practices for software supply chain and application security.
8 articles
Safeguard Is Now in Your Browser: the Chrome Extension Is Live
One click on the Chrome Web Store puts Griffin AI search in a side panel next to any tab — one permission, no host access, no data collection, under 8 KiB. Here's what it does and why we built it so small.
Zero-Day Alert: Chrome V8 CVE-2026-11645 Is Being Exploited in the Wild
Google shipped an emergency Chrome update for CVE-2026-11645, an out-of-bounds memory bug in V8 already exploited in the wild. Here is what the CVE actually means and why your browser patch window just shrank to days.
Chrome extension marketplace hijack: the acquired-and-weaponized pattern
Legitimate Chrome extensions keep getting acquired and turned malicious, and content_scripts give the new owner code execution inside every user's browser session. Here is why the pattern keeps working in 2026 and what defenders can do about it.
Chrome Zero-Day CVE-2025-2783: Sandbox Escape Used in Espionage Campaign
Kaspersky discovered a Chrome zero-day being exploited in a targeted espionage campaign dubbed Operation ForumTroll. The flaw broke Chrome's sandbox with no user interaction beyond clicking a link.
Qilin Ransomware and the Chrome Credential Harvesting Gambit
Qilin ransomware operators pioneered a mass credential theft technique using Group Policy to extract saved Chrome browser credentials across entire domains.
Chrome Extension Manifest V3: What It Means for Browser Supply Chain Security
Chrome's Manifest V3 restricts extension capabilities in the name of security. The changes help, but they do not solve the browser extension supply chain problem.
Browser Extension Supply Chain Attacks: The Overlooked Threat Vector
Browser extensions have become a prime target for supply chain attackers. With access to browsing data, credentials, and session tokens, a compromised extension is a skeleton key to your organization.
Browser Extension Permission Models and Supply Chain Risk
Browser extensions operate with broad permissions and auto-update silently. Here is how the extension permission model creates supply chain risks and what organizations can do about it.