2025-12-13 –, Rookie Track 1
Software beginners often assume that installing a browser extension is harmless. However, recent incidents reveal even widely-used extensions can deliver spyware, hijack sessions, or steal credentials. This rookie-friendly talk examines a malicious network of Firefox and Chrome extensions impersonating popular games that hijacked sessions, redirected users to scams, and stole sensitive credentials. We’ll demystify browser extension threats and share a simple checklist for evaluating extensions. In just 15 minutes, attendees will learn easy habits to keep their browsers safe without specialized tools.
- Why browser extension security matters (3 min)
Introduce browser extensions and their common uses.
Summarize recent incidents involving malicious gaming extensions that hijacked sessions and stole credentials.
- Common browser extension threats explained (5 min)
Impersonation: How attackers create extensions posing as popular games to deceive users.
Hijacking and credential theft: Demonstrate simple methods attackers use to gain unauthorized access or redirect users.
Simple security checklist for beginners (5 min)
Wrap-up and invitation to explore further (2 min)
Encourage continuous learning about browser security.
Kush Pandya – Security researcher at Socket.dev