Browser extensions are additional tools developed by third parties that integrate with web browsers to extend their functionality beyond standard capabilities. However, the browser extension platform is increasingly being exploited by hackers to launch sophisticated cyber threats. These threats encompass a wide range of malicious activities, including but not limited to phishing, spying, Distributed Denial of Service (DDoS) attacks, email spamming, affiliate fraud, malvertising, and payment fraud. This paper examines the evolving threat landscape of malicious browser extensions in 2025, focusing on Mozilla Firefox and Chrome. Our research successfully bypassed security mechanisms of Firefox and Chrome, demonstrating that malicious extensions can still be developed, published, and executed within the Mozilla Add-ons Store and Chrome Web Store. These findings highlight the persisting weaknesses in the browsers' vetting processes and security frameworks. The paper provides insights into the risks associated with browser extensions, helping users understand these threats while aiding the industry in developing controls and countermeasures to defend against such attacks. All experiments discussed in this paper were conducted in a controlled laboratory environment by the researchers, adhering to proper ethical guidelines. The sole purpose of these experiments is to raise security awareness among the industry, research community, and the general public.