Legitimate Chrome Extensions Turn Malicious After Ownership Change

Two legitimate Chrome extensions, QuickLens and ShotBird, became malicious after a change in ownership, introducing harmful updates that enable remote JavaScript injection, web response manipulation, and ClickFix-style deception tactics. The compromised versions are designed to steal user data and, in some cases, facilitate command execution. The attack vector involves previously trusted extensions transitioning to malicious functionality post-acquisition. No specific dates, version numbers, or CVE identifiers were disclosed in the report. The impact includes unauthorized data exfiltration and potential remote code execution via browser-based exploitation.