Multiple Security Incidents: Chrome Extensions Malware, wolfSSL Vulnerability, and Kraken Data Breach

15 Apr 2026

Chromemalwarebrowser extensionsdata exfiltrationwolfSSLvulnerabilityCVE-2026-2915Krakeninsider threatdata breachcryptocurrencyKYCcybersecurityTech

Researchers identified 108 malicious Chrome extensions collectively dubbed "Stealer" that exfiltrate sensitive user data, including credentials and browsing history, from infected browsers. Security firm ReasonLabs reported the extensions, which had been downloaded over 3.2 million times before removal by Google. Separately, a critical vulnerability (CVE-2026-2915) in wolfSSL was disclosed, allowing certificate forgery due to a flaw in its signature verification process, affecting versions 5.6.6 and earlier. Cryptocurrency exchange Kraken confirmed an insider threat incident where an employee allegedly sold customer data, including KYC details, to an undisclosed third party in April 2026. The breach impacted an unspecified number of users, prompting internal investigations and enhanced access controls.