Microsoft’s Edge browser has been rocked by a significant security breach, with the company announcing the removal of 119 extensions that were secretly injecting malware into users’ browsers. The malicious extensions, which ranged from productivity tools to games and utilities, had been downloaded over 1 million times before being pulled from the Microsoft Store.
The affected extensions used a cunning tactic to evade detection: they embedded malware in seemingly innocuous image files or fonts, which would then be executed when loaded by the browser. This approach allowed the malicious code to bypass traditional security checks, making it difficult for users and even some cybersecurity tools to identify the threat. The extensions’ creators likely exploited this vulnerability to distribute their malware undetected.
Microsoft’s investigation suggests that these extensions were created by a single group of developers, who used various techniques to disguise their involvement and evade detection. The company’s actions are seen as a significant victory for security, particularly given the scale of the breach: over 1 million users had installed one or more of the malicious extensions. This incident highlights the ongoing cat-and-mouse game between cybersecurity experts and malicious actors.
This security vulnerability was only discovered thanks to advanced AI-powered tools used by Microsoft’s security team. These AI models have become increasingly effective at identifying potential vulnerabilities, including those that might evade human detection. However, this development also underscores the importance of staying vigilant: even with AI-powered monitoring in place, security breaches can still occur if users are not cautious when installing software.
The removal of these malicious extensions serves as a stark reminder for users to exercise caution when downloading browser extensions and other software. It’s essential to only install trusted applications from reputable sources, such as the official Microsoft Store or other well-established marketplaces. Furthermore, regularly monitoring your browser’s add-ons and plugins can help prevent similar incidents in the future.
To avoid falling victim to similar security breaches, CyberNews.work recommends that readers take a few simple precautions: always check an extension’s ratings and reviews before installation; only download extensions from trusted sources; and keep your browser and operating system up-to-date with the latest security patches. By being proactive about software safety, users can significantly reduce their risk of encountering malware and other security threats.
Source: The Hacker News — 2026-06-29