A browser extension that once earned a Featured badge from Google quietly turned into a remote code execution tool after its ownership changed hands, exposing thousands of users to covert script injection and full browser security header stripping. The campaign, centered on a legitimate-looking Google Lens wrapper called QuickLens, highlights how even a well-reviewed, functional […] The post Pixel Perfect Extension Abuse Enables Covert Script Injection and Security Header Removal appeared first on Cyber Security News.