this browser hack can steal everything

Mar 7, 2025
Breaking down this insane Polymorphic Browser Extension hack

I demo that showcases a sophisticated technique involving polymorphic browser extensions. This method highlights the potential risks posed by browser extensions with extensive permissions, demonstrating how a malicious extension can masquerade as a legitimate one like 1Password to steal sensitive information.

00:00 Introduction to a Jaw-Dropping Hacking Demo
00:42 Understanding Polymorphic Extensions
02:04 Phases of the Attack
03:40 Live Demo of the Attack
06:36 Personal History and Early Research
10:09 Real-World Examples and Implications
12:46 Security Recommendations and Conclusion

The Polymorphic Extension research - https://labs.sqrx.com/polymorphic-ext...

My 2011 BlackHat talk - • Hacking Google Chrome OS Matt Johan...

MY OTHER SOCIALS
🌎Website / Blog https://www.vulnu.com/
📰Newsletter / https://www.vulnu.com/subscribe/
📷 Instagram / / mattjayy
🐦Twitter / https://x.com/mattjay
🔗LinkedIn / / matthewjohansen
🦋 Bsky / https://bsky.app/profile/mattjay.com

ABOUT ME
In case we haven’t met yet, I’m your friendly neighborhood security guy 👋 I'm a computer security veteran who has helped defend startups, the biggest financial companies in the world, and everything in between. Through my podcast, free newsletter, and YouTube channel, I bring you curated cyber security news and personal and professional growth with a mental health cherry on top.