Leaked documents expose 16 compromised browser extensions, prompting NTISB to issue safety guidelines for Pakistani internet users.
Free VPNs and AI tools flagged as security risks by Pakistan's NTISB, with calls for stricter precautions and informed online practices. Image/Illustration: ChicHue
Islamabad, Pakistan — January 27, 2025:
Pakistan’s National Telecom and Information Technology Security Board (NTISB) has issued a warning about 16 browser extensions posing significant cybersecurity threats. These extensions, including several popular AI tools and VPNs, have become targets for hackers, who exploit them to steal sensitive user data from social media, banking platforms, and other online services, according to a DAWN report.
Browser extensions are small software programs that enhance browser functionality and are often developed by third parties. They let users perform tasks such as blocking ads, saving passwords, or editing text. However, these extensions require extensive permissions that grant access to sensitive data. Unlike apps, which generate revenue through subscriptions or ads, most extensions are free, and inadequate security measures make them a potential cybersecurity risk.
The NTISB’s advisory lists extensions like AI Assistant – ChatGPT and Gemini for Chrome, Bard AI Chat Extension, and VPNCity. Hackers recently targeted these tools in a large-scale attack, compromising over 2.6 million users through malicious updates. Cyberhaven, one of the affected extensions, disclosed that attackers manipulated its Chrome Web Store version, embedding malicious code to steal user data.
To mitigate risks, the NTISB has recommended avoiding the listed extensions, installing only trusted ones, and reviewing their permissions before use. Users are also advised to regularly update their extensions and uninstall unnecessary ones to maintain browser security.
The advisory highlights particular risks associated with free VPN extensions, such as VPNCity and Internxt VPN. VPN usage in Pakistan has surged as users bypass restrictions on platforms like X, formerly Twitter. However, Simon Migliano, head of research at Top10VPN.com, warns that most free VPNs leak data, display intrusive ads, or harbor malware. His research indicates that 88 percent of free VPNs and extensions expose users’ IP addresses and DNS data.
Migliano emphasized that reliable VPN services require subscription fees due to high operational costs. He urged users to thoroughly research and review VPN providers before trusting them, as free alternatives often compromise security for monetization purposes.