> TritonInfoSec News
Home / Jun 26, 2026 / Story
0
#10 The Hacker News general June 25, 2026 at 14:12 UTC

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

By [email protected] (The Hacker News)

AI Summary

Researchers from Island discovered that 'Adblock for YouTube' (Chrome extension ID: cmedhionkhpnakcndndgjdbohmhepckk), which carries a Featured badge on the Chrome Web Store and has over 10 million installs, contains dormant capability to execute arbitrary JavaScript on user browsers. The extension has not been confirmed as actively malicious, but the hidden script injection capability represents a significant supply chain risk given its installation footprint. Users and enterprise security teams managing Chrome extension policies should evaluate or block this extension pending further investigation.

Read full article → https://thehackernews.com/2026/06/chrome-ad-blocke…

Relevance score: 73.0/100

# More from June 26

  1. 1
    Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access The Hacker News
  2. 2
    Amadey, StealC malware operations disrupted in Operation Endgame action BleepingComputer
  3. 3
    In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw Dark Reading
  4. 4
    New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis The Hacker News
  5. 5
    CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited The Hacker News
  6. 6
    CISA warns of max severity Ubiquiti flaws exploited in attacks BleepingComputer
  7. 7
    Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances WeLiveSecurity (ESET)
  8. 8
    BeyondTrust, LastPass Impacted by Klue-Salesforce Incident SecurityWeek
  9. 9
    Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking SecurityWeek