Today’s Topics:

• Popular Chrome Extensions Leak Sensitive Data and API Keys, Exposing Users to Cybersecurity Risks
• CVE-2025-20286: Severe Authentication Flaw in Cisco ISE Affects AWS, Azure, and OCI Deployments
• How can Netizen help?

Popular Chrome Extensions Leak Sensitive Data and API Keys, Exposing Users to Cybersecurity Risks

Cybersecurity researchers have flagged multiple widely used Google Chrome extensions that transmit sensitive data over unencrypted HTTP and expose hard-coded credentials within their code, leaving users vulnerable to a range of security threats.

Several popular extensions, including SEMRush Rank, PI Rank, Browsec VPN, and DualSafe Password Manager, have been found to transmit user data such as machine IDs, browsing domains, and even uninstall information in plain text. These unencrypted transmissions make the extensions highly susceptible to adversary-in-the-middle (AitM) attacks, where malicious actors intercept and manipulate the data, particularly when users are on public networks like Wi-Fi.

In addition to unencrypted HTTP traffic, other extensions were discovered to contain hard-coded API keys and secrets in their JavaScript code. These include popular tools like Online Security & Privacy, AVG Online Security, and Speed Dial [FVD]. Attackers could potentially exploit these credentials to perform malicious actions, such as corrupting analytics data or inflating costs for cloud services like Microsoft Azure and Amazon Web Services (AWS).

One particularly concerning example is Equatio, which embeds a Microsoft Azure API key for speech recognition. Though the risk from this particular instance is limited to just six users, the use of hard-coded credentials in more widely used extensions like InboxSDK could leave other applications exposed to the same vulnerabilities.

To mitigate these risks, experts recommend that developers avoid storing sensitive credentials on the client side and always use HTTPS for secure data transmission. Storing credentials securely in a backend server and regularly rotating secrets are also essential steps to minimize potential threats. Users of these affected extensions should consider uninstalling them until the developers address these security flaws.

CVE-2025-20286: Severe Authentication Flaw in Cisco ISE Affects AWS, Azure, and OCI Deployments

Cisco has released urgent security patches for a high-severity vulnerability, CVE-2025-20286, which affects the Identity Services Engine (ISE) deployed on cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). This flaw, which carries a CVSS score of 9.9 out of 10, allows unauthenticated, remote attackers to potentially gain access to sensitive data, execute administrative operations, modify system configurations, or disrupt services within the impacted systems.

The root cause of the issue lies in the improper generation of static credentials when deploying Cisco ISE on cloud platforms. Specifically, the vulnerability allows different deployments of the same Cisco ISE release to share the same static credentials, making it easier for attackers to exploit the system. This issue is most prominent when Cisco ISE is deployed on AWS, Azure, or OCI, with specific versions of Cisco ISE (3.1, 3.2, 3.3, and 3.4) being affected across these platforms.

Exploiting the vulnerability could allow an attacker to extract user credentials from a vulnerable Cisco ISE cloud deployment and use them to access instances of Cisco ISE in other cloud environments, bypassing security measures and potentially gaining control over systems. Once inside, the attacker could execute unauthorized administrative actions, alter system configurations, and access sensitive data, making it a significant threat to enterprise security.

Cisco has acknowledged the existence of a proof-of-concept (PoC) exploit, though no malicious exploitation of the vulnerability has been confirmed in the wild. It is crucial to note that the flaw only affects deployments where the Primary Administration node of Cisco ISE is located in the cloud, meaning that on-premises deployments are not vulnerable to this issue.

To mitigate the risk, Cisco has recommended that users restrict traffic to authorized administrators and run the “application reset-config ise” command, which will reset user passwords and restore the system to factory settings. While there are no workarounds for this vulnerability, applying the patches and following Cisco’s recommendations will help protect systems from potential exploitation.

Organizations using Cisco ISE in the affected versions are urged to act immediately to update their deployments and address the vulnerability. Failure to patch could leave systems exposed to remote attacks, jeopardizing the security of sensitive data and operations across cloud environments.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.