Firefox, Edge Patch Critical RCEs; Malicious Extensions Active

Infostealers Like Lumma and Vidar Continue to Target Browser Data

• Recent security analyses confirm a persistent threat from infostealers, including Lumma Stealer and Vidar Stealer, actively targeting user credentials and sensitive data.
• These malware variants focus on extracting stored information from web browsers, such as login credentials, cookies, and financial details, posing a direct threat to user privacy and security.
• The ongoing campaigns highlight the critical importance of browser security practices, including strong, unique passwords and regular clearing of sensitive browsing data.

Source: Security Affairs | Date: January 24, 2026

Malicious Browser Extensions Mimicking Legitimate Tools Steal Crypto and Sensitive Data

• Security researchers have uncovered a new campaign actively distributing malicious browser extensions designed to mimic legitimate and popular tools.
• These deceptive extensions primarily aim to steal cryptocurrencies and other sensitive information directly from affected users' browsers.
• Users are strongly advised to scrutinize browser extensions before installation, verifying their legitimacy and permissions to prevent compromise.

Source: Security Affairs | Date: January 24, 2026

Firefox Receives Critical Update Addressing Memory Safety and RCE Vulnerabilities

• Mozilla has released a significant security update for Firefox, addressing several high-severity memory safety bugs that could lead to arbitrary code execution.
• The update also patches a critical remote code execution (RCE) vulnerability found within its rendering engine, posing a severe risk to users.
• Firefox users are urged to update their browsers immediately to the latest version to mitigate these critical security flaws.

Source: Security Affairs | Date: January 24, 2026

Microsoft Edge Patches Critical Use-After-Free Vulnerability Leading to RCE

• Microsoft has released a security patch for Edge, addressing a critical use-after-free (UAF) vulnerability that could enable arbitrary code execution.
• This UAF flaw, if exploited, could allow an attacker to run malicious code in the context of the browser, potentially leading to system compromise.
• Edge users are advised to update their browsers without delay to apply the necessary security fixes and protect against potential exploitation.

Source: Security Affairs | Date: January 24, 2026

References

1. SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81 - Security Affairs
2. Security Affairs newsletter Round 560 by Pierluigi Paganini – INTERNATIONAL EDITION - Security Affairs