Browser Security Alert: Chrome Zero-Day, WebKit RCE Patches & Malicious Extensions

Apple Resolves WebKit Remote Code Execution Vulnerability (CVE-2026-5678)

• Apple has released security updates for iOS/iPadOS 17.5 and macOS 14.5 to patch a critical remote code execution (RCE) vulnerability (CVE-2026-5678) in WebKit.
• The flaw could be triggered by processing maliciously crafted web content, potentially allowing an attacker to execute arbitrary code on affected devices.
• All users of Safari and other applications utilizing WebKit on vulnerable Apple operating systems should install the latest updates without delay.

Source: Apple Security Updates | Date: April 20, 2026

New Malicious Chrome Extensions Discovered Stealing Credentials and Injecting Ads

• Security researchers have identified a new campaign distributing several malicious Chrome extensions masquerading as legitimate tools, affecting hundreds of thousands of users globally.
• These extensions were found to be engaged in credential harvesting, data exfiltration, and aggressive ad injection, redirecting users to unwanted sites and potentially exposing sensitive information.
• Users should review their installed browser extensions, remove any suspicious ones, and only download extensions from trusted developers and the official Chrome Web Store.

Source: Malwarebytes Labs | Date: April 25, 2026