“This weakening of all web browsing can open users up to attacks like cross-site scripting that would generally be prevented under normal conditions.”
245 browser extensions with nearly a million installs have been silently turning users into web scraping bots for a company called MellowTel. The extensions look harmless. Bookmark managers, volume boosters, random number generators. Behind the scenes they inject hidden iframes, strip security headers, and scrape websites on behalf of paying customers including AI startups. Extension developers get 55% of the revenue. Google, Mozilla, and Microsoft keep failing to catch this stuff despite their vetting processes.