
Security firm Koi Security has warned that FreeVPN.One, a Google Chrome extension with more than 100,000 users and a Google “Featured” badge, covertly captures a screenshot of every page viewed roughly 11 seconds after loading and transmits the images—together with URLs, tab identifiers and device details—to a server controlled by its anonymous developer. The behaviour occurs even when the extension’s optional AI threat-detection feature is disabled, raising questions about Google’s vetting of browser add-ons.

The disclosure comes as researchers uncover fresh weaknesses in so-called agentic browsers. Brave and Guardio Labs both demonstrated that Perplexity AI’s Comet browser could be manipulated through hidden prompts and spoofed web pages to auto-click phishing links, download malware and even purchase goods on counterfeit retail sites. Perplexity deployed a patch on 13 August, but its closed-source code makes independent verification difficult, Brave said.

Separately, independent researcher Marek Tóth told the DEF CON 33 conference that 11 widely used password-manager extensions—including 1Password, LastPass and Apple’s iCloud Passwords—are susceptible to a DOM-based clickjacking technique that can siphon log-in credentials, two-factor codes and credit-card details with a single click. Six vendors have yet to issue fixes, prompting calls for users to disable automatic form-filling and set extensions to “on-click” access only.

In another browser-related finding, Proofpoint said users signing in with FIDO passkeys through Microsoft Entra ID can be coerced into downgrading to a less-secure authentication method, potentially exposing corporate accounts.

The cascade of disclosures underscores growing concern that both conventional browser add-ons and emerging AI-driven browsing tools are widening the attack surface.
Security professionals recommend auditing extensions, limiting permissions and avoiding the delegation of sensitive transactions—such as banking or online shopping—to AI agents until stronger safeguards are in place.
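As an added illustration of the "audit extensions, limit permissions" advice above (example code written for this page, not from Koi Security or any of the researchers named), the script below reads Chrome extension manifest.json files and flags the permission patterns a reviewer should look at first: broad host access, permissions that expose every tab's URL, and content scripts injected into all sites. The sample manifests are constructed for the example; none of them reproduces the real FreeVPN.One manifest, and the `audit_directory` path layout is an assumption about where a Chrome profile keeps unpacked extensions.

```python
"""Flag Chrome extension manifests that warrant a closer look (added example)."""
import json
from pathlib import Path

# Permissions that let an extension observe or alter browsing broadly.
HIGH_RISK_PERMISSIONS = {
    "tabs",                # read the URL and title of every open tab
    "webRequest",          # observe network requests
    "webRequestBlocking",  # modify or block network requests (MV2)
    "scripting",           # inject scripts into pages
    "webNavigation",       # follow navigation events across tabs
    "cookies",             # read site cookies
    "history",             # read browsing history
    "clipboardRead",       # read the clipboard
    "debugger",            # attach the DevTools protocol to pages
}

# Host patterns that grant access to every site.
BROAD_HOST_PATTERNS = ("<all_urls>", "*://*/*", "http://*/*", "https://*/*")


def audit_manifest(manifest: dict) -> list[str]:
    """Return human-readable findings for one parsed manifest.json."""
    findings = []
    perms = set(manifest.get("permissions", []))
    hosts = list(manifest.get("host_permissions", []))
    # Manifest V2 mixes host patterns into "permissions"; split them out.
    hosts += [p for p in perms if "://" in p or p == "<all_urls>"]
    broad_hosts = any(h in BROAD_HOST_PATTERNS for h in hosts)

    risky = sorted(perms & HIGH_RISK_PERMISSIONS)
    if risky:
        findings.append(f"sensitive permissions: {', '.join(risky)}")
    if broad_hosts:
        findings.append("broad host access (can run on every site)")
    # tabs.captureVisibleTab needs activeTab or an <all_urls> host
    # permission; combined with "tabs" the extension can also see every
    # tab's URL, so its data flows deserve verification.
    if "tabs" in perms and broad_hosts:
        findings.append("can read every page and every tab URL: verify its data flows")
    for cs in manifest.get("content_scripts", []):
        if any(m in BROAD_HOST_PATTERNS for m in cs.get("matches", [])):
            findings.append("content script injected into all sites")
            break
    return findings


def audit_directory(root: Path) -> dict[str, list[str]]:
    """Audit every manifest.json under root (assumed Chrome 'Extensions' dir).

    Returns {manifest path: findings}; unreadable manifests are skipped.
    """
    results = {}
    for manifest_path in root.rglob("manifest.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        results[str(manifest_path)] = audit_manifest(manifest)
    return results


# Constructed sample manifests (not real extensions) for an offline run.
SAMPLE_MANIFESTS = {
    "narrow-notes": {
        "manifest_version": 3, "name": "narrow-notes",
        "permissions": ["storage", "activeTab"],
    },
    "broad-vpn-like": {
        "manifest_version": 3, "name": "broad-vpn-like",
        "permissions": ["tabs", "storage", "webRequest"],
        "host_permissions": ["<all_urls>"],
    },
    "mv2-all-sites": {
        "manifest_version": 2, "name": "mv2-all-sites",
        "permissions": ["*://*/*", "cookies"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}],
    },
}


def audit_samples() -> dict[str, list[str]]:
    """Run the audit over the constructed samples."""
    return {name: audit_manifest(m) for name, m in SAMPLE_MANIFESTS.items()}


if __name__ == "__main__":
    for name, findings in audit_samples().items():
        print(f"{name}: {findings or 'no findings'}")
```

A finding is a reason to read the extension's code and network behaviour, not proof of abuse: a VPN extension legitimately needs broad host access, which is exactly why the data it sends home needs checking. The `activeTab` permission, by contrast, grants page access only after the user clicks the extension, which is the "on-click" model the article recommends.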
Perplexity's Comet browser naively processed pages with evil instructions https://t.co/1mNVb0NGUv
This Chrome extension spies on you every 11 seconds: delete it right now https://t.co/QVz9MuIvfD
Perplexity’s Comet AI browser tricked into buying fake items online https://t.co/on7R9lwGZ4
