
A simple red alert

There are moments I ignore them, however this evening I was alerted by Forbes (at https://www.forbes.com/sites/daveywinder/2026/03/01/search-screen-with-google-lens-tool-compromised-to-steal-credentials/) to the setting of ‘Google Lens Chrome Browser Tool Compromised To Steal Credentials’. Now, first of all, I am an oogly googly Googler; as such I to a point revere the solutions that Google gives to you and me, and this alert is not on Google, but it is their solution that gives this predicament. This is according to Davey Winder, who is a technology journalist who covers cybersecurity news and research, and as he works for Forbes I reckon that his credentials are OK. Still we are given “it has been reported that a previously legitimate Chrome extension, used to search your screen with Google Lens, was recently compromised and turned into a malicious credential-stealing tool instead. Here’s what you need to know.” So, as I initially contemplated to let this rest for 12 hours and give it in the next story, I thought it might be better to reset the timeline and tell you as soon as I am aware of this. The usual media is all about stretching timelines and I thought it was important not to be mistaken with those losers. So as we are given “Google Chrome is the world’s most popular, or at least most-used, web browser, with estimates putting the number of users fast approaching 4 billion in 2026. That it is a target for attackers is absolutely no surprise to anyone, least of all Google which has an armoury of protections in place to help prevent users from threats. Sometimes, however, a threat gets past those protections. This seems especially true when it comes to Chrome browser extension threats, as recently exposed when a reported 30 malicious AI assistant extensions were uncovered.
This latest threat is also of the extension variety, but this time was particularly insidious in that it exploited a previously trusted and legitimate tool.” And I have to admit that on the Apple I got a weird setting a few days ago that involves GoogleUpdater.APP. I don’t know if it is related, but these two facts make me alert you all with the setting that at present there are a few hangups with Google. Now, there is nothing to be concerned about, because as I see it, Google is all over this already and we will be ‘treated’ to the lollies of repair soon enough; optionally it is already being rolled out.

The additional information is “As per Bleeping Computer, the QuickLens extension, which formerly had a Google featured badge, grew to 7,000 users and enabled users to run Google Lens searches from within the Chrome browser. All was cool, until February 17, a little more than two weeks after ownership of the ownership exchanged hands, when the developer sold up. “A new version, 5.8, was released that contained malicious scripts that introduced ClickFix attacks and info-stealing functionality for those using the extension,” Bleeping Computer said.” And it comes with the additional “A Featured, reviewed, functional extension changes hands, and the new owner pushes a weaponized update to every existing user.” As such my question becomes: who is this new owner? It is followed by the last quote “I have approached Google for a statement, but the good news is that the compromised QuickLens extension has now been removed from the Chrome Web Store. Furthermore, it would appear to have been automatically disabled by Chrome as well, so existing users are also protected. The bad news, however, is that this is unlikely to be the last such example of legitimate extensions turning anything but. The usual advice applies: only ever update official apps and services from official sites that you have reached using known and trusted URLs, never by clicking a pop-up or link such as those mentioned here.” As such, as it is not the last example, my original question remains “Who is this new owner?” And why is this piece of garbage given so much consideration for anonymity? There is a reason to do this to his children and make sure that such a person realizes that what you do to us, we can do to you. It is debatable so ‘violent’ but the article gives no clear message on who the new owners are and that is the most upsetting part.
I don’t hold this against Davey Winder, but the entire setting is in some ‘new owner’ setting whilst we aren’t given names, not even corporations of who are out there to get our credentials. Is that not weird too? And as Google removed the culprit (which is good), there should be a nice register on who bought it and how much was involved, because someone bought it for more than a few coins. As such it is a simple red alert and if the others thought it would go unnoticed against all the Iranian Alerts, think again. Some people look out where the tall grass is moving. It might not be sexy, but at times it is essential to know where the tall grass is moving and whether it is moving in your direction. A simple setting really.

So again, have a great day and enjoy the sunshine out there if you are western enough from me. It is 22:45 here.
