Getty Images
News brief: Browser security flaws pose growing risk
Check out the latest security news from the Informa TechTarget team.
Web browsers are critical gateways that enable an organization's employees, partners and customers to access online resources, corporate systems, business applications and sensitive data, making their security a chief concern for organizations today.
The rise of hybrid work environments, increased reliance on SaaS applications and adoption of generative AI have made browsers more integral to business -- and more vulnerable to threats -- than ever.
"The 2025 Browser Security Report" from agentless AI and browser security vendor LayerX Security emphasized that browser extensions are organizations' "largest unmanaged supply chain" and reported that GenAI now accounts for 32% of all corporate-to-personal data exfiltration, making it the leading vector for corporate data movement outside sanctioned environments.
Browsers are also a major attack vector. "2025 State of Browser Security Report" from enterprise browser vendor Keep Aware found that browser-based malware accounted for 70% of all observed malware events in the previous year.
Vendors have made significant strides in recent years to safeguard browsers, and specialized security software can take browser security a step further. Yet browser security concerns remain, as evidenced by this week's featured news stories.
Privacy browser extension captures users' AI chatbot conversations
The Urban VPN Proxy browser extension, popular for its privacy protection claims, has been found to harvest user data from interactions with eight popular AI chatbots, including ChatGPT and Claude.
Researchers at Koi Security revealed that since version 5.5.0, the Chrome and Edge browser extension injects scripts into targeted AI platforms to intercept and exfiltrate conversation data, including prompts, responses and metadata, to Urban VPN's servers. This data collection operates independently of the VPN functionality and cannot be disabled without uninstalling the extension.
While Urban VPN, affiliated with data broker BiScience, discloses this practice in its privacy policy, exfiltrating and selling users' data could be viewed as at odds with the product's reputation as a privacy protector.
Read the full story by Elizabeth Montalbano on Dark Reading.
Apple and Google issue patches for browser vulnerabilities
Apple recently patched two zero-day vulnerabilities, CVE-2025-43529 and CVE-2025-14174, which could allow arbitrary code execution through maliciously crafted web content. The flaws were in WebKit, which is used in the Safari web browser and other Apple products and applications. Both CVEs were discovered in collaboration with Google's Threat Analysis Group and addressed via updates for iOS, iPadOS and macOS on Dec. 12.
Apple noted that these flaws might have been exploited in sophisticated attacks targeting specific individuals, potentially linked to commercial spyware.
Google patched CVE-2025-14174 in Chrome last week.
Remote access Trojan provides device control and browser autofill info
The Cellik RAT as a service enables attackers to bundle malware with legitimate Android apps from the Google Play Store, creating poisoned versions for distribution. Highlighted by iVerify researcher Daniel Kelley, Cellik provides attackers with full device control, including screen streaming, keylogging, file access and browser data theft. It also features app-injection capabilities, such as creating fake login overlays to harvest credentials.
Notably, Cellik includes an automatic .apk builder that wraps its payload around trusted apps, potentially bypassing Google Play Protect. Priced between $150 per month and $900 for a lifetime subscription, Cellik exemplifies the growing accessibility of advanced Android malware for low-skilled attackers, emphasizing the need for vigilance against social engineering and sideloading.
Read the full story by Alexander Culafi on Dark Reading.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Phil Sweeney is an industry editor and writer focused on cybersecurity topics.
