What's crazy to me is how come AV's can't protect against this? It shouldn't be hard to monitor extensions that are being installed? And modifying browser DLL's is another big no no, I suppose you can block this with file/folder monitoring tools. Actually, even browser themselves should have built-in protection against this, but they don't. https://www.bleepingcomputer.com/ne...-extensions-on-300-000-browsers-patches-dlls/
