Google and Mozilla Battle Major Crypto Theft Threats from Zero-Day Flaw and Malicious Extensions

July 3, 2025
  • Both Google Chrome and Mozilla Firefox are currently facing significant security threats related to cryptocurrency theft, with Chrome under attack from a zero-day vulnerability and Firefox being targeted by malicious extensions.

  • Google released a stable channel update on June 26, 2025, to patch a high-severity zero-day flaw tracked as CVE-2025-6554, which allows attackers to execute arbitrary code.

  • To mitigate these risks, Google advises Chrome users to immediately apply the latest update, while organizations should monitor and manage browser extensions rigorously, treating them like any other software.

  • Over 40 malicious browser extensions designed to steal sensitive crypto credentials have been identified, primarily distributed through the Firefox add-ons store.

  • The malicious extensions impersonate legitimate wallets such as Coinbase, MetaMask, and Trust Wallet, aiming to steal wallet credentials from users.

  • Crypto users are urged to remain vigilant, ensuring they only download trusted extensions and consistently monitor for any suspicious activity to protect their digital assets.

  • The rise of fake wallet extensions highlights the need for better security practices in the crypto ecosystem, especially as decentralized finance becomes more popular.

  • Mozilla has removed all identified malicious add-ons except for one and is implementing an early detection system to prevent scam extensions from gaining popularity.

  • Evidence suggests involvement of a Russian-speaking threat actor group based on language found in the code and metadata from a command-and-control server.

  • The authors of the malicious Firefox extensions are suspected to be Russian-speaking threat actors, although their identity remains unconfirmed.

  • This malicious campaign has been ongoing since at least April 2025, with new variants of fake extensions being uploaded regularly, posing continuous risks to users.

  • The extensions employ deceptive tactics like fake ratings and cloned branding to appear trustworthy to users, including identical names and logos of the real services they mimic.

Summary based on 7 sources

