Scott Helme offers insights into web security, HTTPS adoption, and best practices for securing online services, providing articles, workshops, and security tools to help organizations protect against cyber threats. By exploring Scott Helme's curated content, developers can learn about HTTP security headers, Content Security Policy (CSP), and TLS encryption for securing web applications and APIs. Whether you're a web developer, sysadmin, or security professional, Scott Helme offers resources to enhance your cybersecurity knowledge and defend against common vulnerabilities.

Scott Helme

A security researcher at Report URI uncovered 'Amazing Refresh', a Chrome and Edge browser extension with nearly 100,000 installs that masquerades as a tab auto-refresher while running a sophisticated malware operation. The extension exfiltrates page URLs, user agent data, and element IDs to a C&C server, injects remotely-served JavaScript into every page in the MAIN execution context (bypassing Chrome's sandbox), and hijacks outbound affiliate link clicks to monetise user traffic without the knowledge of users or website owners. The payload uses multiple evasion techniques including DOM self-removal, iframe fingerprinting, suppressed click events, and dynamically-served scripts. The extension has been reported to both Google and Microsoft for removal. Detection was possible through Report URI's JavaScript integrity monitoring, which tracks code executing in the browser context of customer websites.

Amazing Refresh — A Malicious Chrome Extension Running Malware in the Browser