Popular Google Chrome Extensions Expose Users to Security Risks

Several popular Google Chrome extensions, such as SEMRush Rank, Browsec VPN, MSN New Tab, DualSafe Password Manager, AVG Online Security, and Trust Wallet, expose their users to two simultaneous risks. These extensions send telemetry via HTTP without encryption and contain hardcoded credentials in the JavaScript, including API keys for GA4, Azure, AWS, Tenor, and Ramp Network. These vulnerabilities were reported in June 2025.