LayerX Labs

Home Blog LayerX Labs
Any Extension Can Be Weaponized To Install Malware on Target Hosts
Blog Post

Any Extension Can Be Weaponized To Install Malware on Target Hosts

Executive Summary: Invisible Threats Can Easily Turn a Chrome Extension into a Host-Level RCE Since they were introduced, browser extensions have been treated as lightweight productivity tools — harmless add-ons that live somewhere between bookmarks and settings. They are installed casually, updated silently, and rarely scrutinized once they become part of a user’s daily workflow. […]

Iyar Segev - March 03, 2026 Read more
“AiFrame”- Fake AI Assistant Extensions Targeting 260,000 Chrome Users via injected iframes
Blog Post

“AiFrame”- Fake AI Assistant Extensions Targeting 260,000 Chrome Users via injected iframes

Contributors: Dar Kahllon As generative AI tools like ChatGPT, Claude, Gemini, and Grok become part of everyday workflows, attackers are increasingly exploiting their popularity to distribute malicious browser extensions. In this research, we uncovered a coordinated campaign of Chrome extensions posing as AI assistants for summarization, chat, writing, and Gmail assistance. While these tools appear […]

Natalie Zargarov - February 02, 2026 Read more
Claude Desktop Extensions Exposes Over 10,000 Users to Remote Code Execution Vulnerability
Blog Post

Claude Desktop Extensions Exposes Over 10,000 Users to Remote Code Execution Vulnerability

  Summary: LayerX discovered a zero-click remote code execution (RCE) vulnerability in Claude Desktop Extensions (DXT), in which a single Google Calendar event can silently compromise a system running Claude Desktop Extensions. The flaw impacts more than 10,000 active users and 50 DXT extensions.  Unlike traditional browser extensions, Claude Desktop Extensions run unsandboxed with full […]

Roy Paz - February 02, 2026 Read more
How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts
Blog Post

How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts

LayerX Research identified a coordinated set of Chrome browser extensions marketed as ChatGPT enhancement and productivity tools. In practice, however, these extensions are meant to steal users’ ChatGPT identities. The campaign consists of at least 16 distinct extensions developed by the same threat actor, in order to reach as wide a distribution as possible. This […]

Natalie Zargarov - January 01, 2026 Read more
Browser Extensions Gone Rogue: The Full Scope of the GhostPoster Campaign
Blog Post

Browser Extensions Gone Rogue: The Full Scope of the GhostPoster Campaign

  Last month, researchers at Koi Security published a detailed analysis of a malicious Firefox extension they dubbed GhostPoster – a browser-based malware leveraging an uncommon and stealthy payload delivery method: steganography within a PNG icon file. This innovative approach allowed the malware to evade traditional extension security reviews and static analysis tools. Following their […]

Natalie Zargarov - January 01, 2026 Read more
CometJacking: How One Click Can Turn Perplexity’s Comet AI Browser Against You
Blog Post

CometJacking: How One Click Can Turn Perplexity’s Comet AI Browser Against You

Executive summary New research by LayerX shows how a single weaponized URL, without any malicious page content, is enough to let an attacker steal any sensitive data that has been exposed in the Comet browser.  For example, if the user asked Comet to rewrite an email or schedule an appointment, the email content and meeting […]

Aviad Gispan - October 10, 2025 Read more
Introducing ExtensionPedia: Your Ultimate Resource to Assess and Mitigate Browser Extension Risks
Blog Post

Introducing ExtensionPedia: Your Ultimate Resource to Assess and Mitigate Browser Extension Risks

LayerX is proud to announce the launch of ExtensionPedia, the Browser Extension Risk Database and Knowledge Center, for immediate general availability! Browser extensions significantly enhance productivity, streamline workflows, and personalize user experiences. Yet, beneath their convenience lies a hidden threat—malicious extensions posing serious risks to identity security, data privacy, and organizational integrity. The Hidden Risks […]

Or Eshed - May 05, 2025 Read more
LayerX Reveals 40+ Malicious Browser Extensions
Blog Post

LayerX Reveals 40+ Malicious Browser Extensions

LayerX has identified over 40 malicious browser extensions that are part of three distinct phishing campaigns. The initial detection of this campaign was done by the DomainTools Intelligence (DTI) team, who identified a list of suspicious domains that were communicating with browser extensions masquerading as legitimate brands. However, while the research by DTI provided a […]

Michelle Warburg - May 05, 2025 Read more
Introducing Full Conversation Tracking: The Next Step in GenAI Data Protection
Blog Post

Introducing Full Conversation Tracking: The Next Step in GenAI Data Protection

GenAI Security – Or Insecurity – Is In Your Hands GenAI tools like ChatGPT, Gemini, and Copilot are hot topics among employees. Their adoption is growing among the enterprise employees, as expected, while the software developers are of the highest consumers of GenAI, with almost 40% and sales and marketing professionals are just after with […]

Michelle Warburg - May 05, 2025 Read more
Copy, Paste, Escape: The growing risk of fileless data movement and risk in browsers
Blog Post

Copy, Paste, Escape: The growing risk of fileless data movement and risk in browsers

In the modern corporate environment, web browsers have become indispensable tools for daily operations. Recent studies indicate that the average employee spends over 85% of their workday using a browser. This heavy reliance on browsers, while enhancing productivity, also introduces significant security challenges, particularly concerning fileless data movement. As security and DLP experts face daily […]

Michelle Warburg - March 03, 2025 Read more