Software
108 malicious Chrome extensions steal data from 20,000 users
Cybersecurity researchers uncover coordinated campaign targeting Google accounts and Telegram sessions via Chrome Web Store.
MUMBAI: Chrome users just got a stark reminder that not every extension is an innocent add-on; some are quietly picking your digital pockets. Security firm Socket has uncovered a large-scale coordinated cyberattack involving 108 malicious browser extensions on the Google Chrome Web Store. These extensions, which collectively racked up around 20,000 installs, disguised themselves as handy tools like Telegram sidebar clients, text translators, and even slot machine-style games, while secretly stealing sensitive user data and hijacking sessions.
All 108 extensions operated under five seemingly distinct publisher identities, including names like Yana Project, Gamegen, and Rodeo Games, but covertly shared a single command-and-control (C2) infrastructure. According to Socket security researcher Kush Pandya, they routed stolen credentials, user identities, browsing data, and more to servers controlled by the same operator.
Particularly alarming, 54 of the extensions specifically targeted Google account identities, harvesting email addresses and profile pictures through OAuth2 during sign-in attempts. Another 45 contained a universal backdoor that allowed attackers to silently open arbitrary URLs on users’ browsers at startup, based on remote instructions.
The most severe offender was the ‘Telegram Multi-account’ extension. It secretly extracted active Telegram Web authentication tokens and transmitted them to a remote server every 15 seconds. This gave attackers full control over victims’ accounts, accessing messages, contacts, and linked services without needing passwords or two-factor authentication codes.
Five extensions went even further, using Chrome’s declarativeNetRequest API to strip security headers from websites (including YouTube and TikTok) before pages loaded, weakening built-in protections and enabling ad injection or harmful code execution.
The campaign highlights the growing risks of browser-based threats, where seemingly legitimate extensions serve as stealthy vectors for data theft and account takeover in an era of instant digital convenience.
How to stay safe
Security experts recommend immediate action:
- Review and remove any suspicious installed extensions from Chrome settings.
- If you used Telegram-related extensions, log out of all active Telegram Web sessions via the ‘Devices’ section in the mobile app.
- If you signed in with Google credentials through any of these tools, treat the account as potentially compromised and revoke unfamiliar third-party access in your Google account settings.
In a world where extensions promise productivity or fun with just one click, this incident serves as a timely nudge: even the smallest add-ons can carry big risks. A quick spring clean of your browser could be the smartest security move you make today. Stay vigilant: your data is only as safe as the tools you trust.
Software
OpenAI launches $100/month ChatGPT Pro tier to rival Anthropic
New subscription offers significantly more Codex usage for heavy coding tasks.
MUMBAI: OpenAI has just raised the stakes in the AI coding arms race by giving power users a much bigger slice of the pie. The company has introduced a new $100-per-month ChatGPT Pro subscription tier, aimed squarely at competing with Anthropic in the fast-growing AI coding space. The new plan provides five times more Codex usage than the existing $20 Plus tier and is specifically designed for longer, high-effort coding sessions.
According to OpenAI’s announcement on X, the Pro tier will continue to include access to all existing Pro features, including its exclusive Pro model and unlimited usage of Instant and Thinking models. As part of a limited-time promotion running until 31 May, new subscribers to the $100 plan will receive up to ten times the Codex usage of ChatGPT Plus to support more ambitious development projects.
The company also noted that the current Codex promotion for Plus users will end, with usage being rebalanced to allow more frequent sessions throughout the week rather than heavy daily limits. The $20 Plus plan will remain the main offering for everyday use, while the new $100 tier targets heavier, more consistent workloads.
OpenAI’s broader subscription lineup continues to include a $200 Pro tier, an $8 Go plan, and a free tier. Earlier this week, CEO Sam Altman revealed that the Codex AI coding agent had reached three million users, with usage limits reset at every million-user milestone.
The launch closely mirrors Anthropic’s pricing structure, which includes a Max 5x tier at $100 per month and a Max 20x tier at $200 per month. The move comes amid reports that OpenAI has initiated a “code red” internal strategy to counter Anthropic’s growing dominance in AI coding tools. The company is shifting focus toward professional developer tools while reportedly scaling back or pausing other projects, including further development of its Sora video generator.
OpenAI has also confirmed plans to build a desktop “superapp” that integrates ChatGPT, Codex, and its Atlas AI browser into a single unified platform.
In the competitive world of AI coding assistants, OpenAI is clearly signalling it won’t be outspent or outbuilt. With the new $100 Pro tier, the company is giving serious developers more firepower and sending a clear message to rivals that the race is far from over.







