Issue No. 001·March 21, 2026·Seoul Edition

Malext.io: Free threat intelligence database of malicious and policy-violating Chrome extensions

Aggregates threat intelligence on malicious, policy-violating, and removed Chrome extensions. Provides high-utility, machine-readable feeds (STIX, MISP, JSON) for SOC integration.

April 27, 2026·IndiePulse AI Editorial·Stories·Source
Discovered on: GLOBAL · EN · HN

Malext.io (live)

Tagline: Free threat intelligence database of malicious and policy-violating Chrome extensions
Platform: other
Category: Security · Threat Intelligence · Browser Extensions
Visit: malext.io
Browser extensions are a notorious blind spot in endpoint security; they possess high privileges and often evade traditional AV. Malext.io addresses this by maintaining a focused threat intelligence database that tracks not just active malware, but 'ghost' extensions—those removed from the Chrome Web Store that persist on user machines. By indexing these by Extension ID, it provides a concrete way for admins to audit their fleet for dormant threats.

Technically, the project is less about proprietary scanning and more about intelligent aggregation. The value lies in the curation of diverse sources—from security blogs and GitHub IOC lists to automated store monitoring. The implementation of machine-readable feeds is the standout feature here. Offering STIX 2.1 and MISP formats transforms the tool from a simple lookup site into a functional component of a security pipeline, allowing for automated blocking or alerting in OpenCTI or Splunk.

The interface is utilitarian and devoid of fluff, which is refreshing. The ability to filter by threat category (e.g., 'Fake AI' or 'Session Hijacking') provides immediate context on current attacker trends. However, the reliance on community reports and external blogs means there is an inherent lag between a threat's emergence and its indexing, and the 'Store Monitoring' automation's depth isn't fully transparent.

This is a high-signal tool for IT administrators and SOC analysts who need to move beyond 'hoping' their users aren't installing sketchy plugins. It fills a critical gap in browser-layer visibility without requiring an expensive enterprise agent for basic threat matching.
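The fleet audit by Extension ID described above can be sketched as follows. This is an added example, not Malext.io's code: the feed field names (`extension_id`, `category`, `status`), the host names and all IDs are constructed assumptions, and the real feed schema should be checked before adapting it.

```python
import json
import re

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID_RE = re.compile(r"[a-p]{32}")

# Constructed sample feed; the schema is an assumption for this example.
SAMPLE_FEED = json.dumps([
    {"extension_id": "abcdefghijklmnopabcdefghijklmnop",
     "category": "Session Hijacking", "status": "removed"},
    {"extension_id": "ponmlkjihgfedcbaponmlkjihgfedcba",
     "category": "Fake AI", "status": "listed"},
    {"extension_id": "not-a-valid-id", "category": "Fake AI", "status": "listed"},
])

# Constructed inventory: host -> extension IDs collected from endpoints.
SAMPLE_INVENTORY = {
    "ws-001": ["abcdefghijklmnopabcdefghijklmnop", "aaaabbbbccccddddeeeeffffgggghhhh"],
    "ws-002": ["PONMLKJIHGFEDCBAPONMLKJIHGFEDCBA "],  # case and whitespace noise
    "ws-003": ["aaaabbbbccccddddeeeeffffgggghhhh"],
}

def load_feed(raw):
    """Index feed records by extension ID, skipping malformed IDs."""
    index = {}
    for rec in json.loads(raw):
        ext_id = str(rec.get("extension_id", "")).strip().lower()
        if EXT_ID_RE.fullmatch(ext_id):
            index[ext_id] = rec
    return index

def audit_fleet(inventory, index):
    """Return one finding per (host, flagged extension), in stable order."""
    findings = []
    for host, ext_ids in inventory.items():
        for ext_id in sorted({e.strip().lower() for e in ext_ids}):
            rec = index.get(ext_id)
            if rec is None:
                continue
            findings.append({
                "host": host,
                "extension_id": ext_id,
                "category": rec.get("category", "unknown"),
                # "Ghost": removed from the store but still installed on the host.
                "ghost": rec.get("status") == "removed",
            })
    return sorted(findings, key=lambda f: (f["host"], f["extension_id"]))

if __name__ == "__main__":
    for finding in audit_fleet(SAMPLE_INVENTORY, load_feed(SAMPLE_FEED)):
        print(finding)
```

Normalising case and whitespace before the lookup matters because inventory exports from different endpoint tools rarely agree on formatting, and a missed match here is a missed dormant extension.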
