Browser Security

Trust Wallet Chrome Extension Breach Leads to $7M Crypto Loss

Nishant Sharma

27 Dec 2025 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

Trust Wallet Chrome Extension Breach Causes $7 Million Crypto Loss via Malicious Code

Trust Wallet's Chrome browser extension was compromised through a supply chain attack, leading to an estimated $7 million in cryptocurrency theft from user wallets.
The attack vector involved malicious code injected into the third-party open-source component dex-web-wallet that the extension relied upon.
Users are advised to update their Trust Wallet Chrome extension to version 2.6.28 or later and consider moving funds to a hardware wallet as a precaution.

Source: The Hacker News | Date: December 16, 2025

Trust Wallet Warns Users to Update Chrome Extension Following $7 Million Security Loss

Trust Wallet confirmed a significant security incident affecting its Chrome extension, where a flaw in a third-party dependency led to approximately $7 million in digital asset losses.
The vulnerability allowed attackers to execute arbitrary code within the extension's environment, bypassing security measures and compromising user funds.
An urgent update to Trust Wallet Chrome extension version 2.6.28 or above is critical for users to protect their cryptocurrency holdings from further exploitation.

Source: Security Affairs | Date: December 16, 2025

References

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code - The Hacker News
Trust Wallet warns users to update Chrome extension after $7M security loss - Security Affairs

PDF.js Critical JavaScript Library Flaws Addressed: Update Urgently

This newsletter is AI generated and may hallucinate sometimes 😊 * Mozilla's PDF.js, a popular open-source JavaScript library widely used for in-browser PDF rendering, has addressed critical code injection and crash vulnerabilities. * The code injection flaw could enable attackers to execute arbitrary JavaScript code within a user's

Blesta XSS Flaw Poses Client-Side Risk to Management Portals

This newsletter is AI generated and may hallucinate sometimes 😊 Blesta Reflected XSS Flaw Endangers Client Management Portals * A reflected Cross-Site Scripting (XSS) vulnerability, tracked as KIS-2026-01, has been identified in Blesta versions up to 5.13.1, specifically affecting the confirm_url parameter. * This flaw enables attackers to inject arbitrary

Chrome, Foxit & Open VSX Address Critical Browser & Extension Security

This newsletter is AI generated and may hallucinate sometimes 😊 Foxit Releases Security Updates for PDF Editor Cloud XSS Vulnerabilities * Foxit released security updates for its PDF Editor Cloud, addressing multiple Cross-Site Scripting (XSS) vulnerabilities. * These XSS flaws could allow attackers to inject malicious scripts into web pages viewed by users,

Firefox & Foxit: New AI Privacy Controls and Critical JavaScript Flaws

This newsletter is AI generated and may hallucinate sometimes 😊 Mozilla Firefox Introduces One-Click Option to Disable Generative AI Features * Mozilla Firefox has added a new user-friendly option that allows users to disable all generative AI features within the browser with a single click. * This feature, currently rolling out in the

Trust Wallet Chrome Extension Breach Causes $7 Million Crypto Loss via Malicious Code

Trust Wallet Warns Users to Update Chrome Extension Following $7 Million Security Loss

References

Read more

PDF.js Critical JavaScript Library Flaws Addressed: Update Urgently

Blesta XSS Flaw Poses Client-Side Risk to Management Portals

Chrome, Foxit & Open VSX Address Critical Browser & Extension Security

Firefox & Foxit: New AI Privacy Controls and Critical JavaScript Flaws