Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
EU Age Verification App Bypassed Using Chrome Extension

EU Age Verification App Bypassed Using Chrome Extension

Posted on July 15, 2026 By CWS

Security researcher Paul Moore has revealed a significant vulnerability in the European Union’s age verification application. By using a Chrome extension powered by ClaudeAI, Moore demonstrated how to bypass the app’s security features, casting doubt on the efficacy of the EU’s privacy-centric age verification measures.

Exposing the App’s Design Flaw

The EU’s age verification system, touted for its ‘privacy-preserving’ design, is intended to confirm user age without sharing personal data. However, Moore’s proof-of-concept highlights a fundamental flaw: the system allows the reuse of over-18 attestations without linking them to a specific user identity.

In a video shared on X, Moore illustrated how the app can be deceived into repeatedly accepting a single ‘over 18’ token. This token can be reused across multiple sessions, circumventing the need for fresh verification each time.

Technical Vulnerabilities and Exploitation

Rather than attacking the cryptographic integrity of the system or server-side checks, Moore’s method involves a Chrome extension that intercepts and replays the age attestation. This loophole means that once an attestation is obtained, it can be leveraged repeatedly without further validation.

The app’s emphasis on privacy by withholding personal information inadvertently creates a security gap. Websites relying on the app cannot verify the attestation’s linkage to the current user, allowing the extension to exploit this separation between age assertion and user identity.

Implications for Privacy and Security

The EU’s policy aims to protect user privacy by ensuring age checks do not involve personal data. However, Moore’s findings suggest that this approach ultimately undermines the system’s reliability. The app’s design allows a single valid token to be captured and reused, turning it into a versatile ‘adult access pass.’

Despite claims of security enhancements over recent months, Moore argues that these tweaks cannot resolve the system’s inherent design flaws. The reliance on anonymous, reusable proofs lacks the context needed for effective enforcement and remains susceptible to replay or automation attacks.

For website operators subject to EU age verification requirements, Moore’s research serves as a cautionary tale. It underscores the need for more robust verification methods beyond the official app, which fails to deliver the expected level of protection against potential abuse.

Cyber Security News Tags:age verification bypass, anonymous attestation, browser extension, Chrome extension, ClaudeAI, Cybersecurity, EU age verification, identity verification, internet security, Paul Moore, Privacy, security flaw

Post navigation

Previous Post: Chrome 150 and Firefox 152 Updates Fix Critical Bugs
Next Post: AsyncAPI npm Packages Compromise Sparks Botnet Concerns

Related Posts

Critical Next.js Framework Vulnerability Let Attackers Bypass Authorization Critical Next.js Framework Vulnerability Let Attackers Bypass Authorization Cyber Security News
Fire Ant Hackers Exploiting Vulnerabilities in VMware ESXi and vCenter Fire Ant Hackers Exploiting Vulnerabilities in VMware ESXi and vCenter Cyber Security News
Threats Actors Leverage Python-based Malware to Inject Process into a Legitimate Windows Binary Threats Actors Leverage Python-based Malware to Inject Process into a Legitimate Windows Binary Cyber Security News
Phishing Campaigns Exploit RMM Tools for Unauthorized Access Phishing Campaigns Exploit RMM Tools for Unauthorized Access Cyber Security News
Top Post-Quantum Cryptographic Solutions for 2026 Top Post-Quantum Cryptographic Solutions for 2026 Cyber Security News
5 Email Attacks SOCs Cannot Detect Without A Sandbox  5 Email Attacks SOCs Cannot Detect Without A Sandbox  Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • SonicWall Urges Immediate Fixes for Critical Firewall Flaws
  • Zero-Day Vulnerability Causes ShareFile Service Interruption
  • AsyncAPI npm Packages Compromise Sparks Botnet Concerns
  • EU Age Verification App Bypassed Using Chrome Extension
  • Chrome 150 and Firefox 152 Updates Fix Critical Bugs

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • SonicWall Urges Immediate Fixes for Critical Firewall Flaws
  • Zero-Day Vulnerability Causes ShareFile Service Interruption
  • AsyncAPI npm Packages Compromise Sparks Botnet Concerns
  • EU Age Verification App Bypassed Using Chrome Extension
  • Chrome 150 and Firefox 152 Updates Fix Critical Bugs

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark