This document summarizes a presentation about malicious browser extensions and rootkits. It discusses the history of malicious extensions for Firefox, Chrome, and Safari. It demonstrates how to create a homemade Firefox extension that can steal cookies and passwords, upload/download files, and execute binaries remotely without user interaction. The presentation notes risks of zombie browsers include bypassing firewalls/filtering and accessing all browser secrets. It also demonstrates defeating 2-factor authentication on Gmail and hacking ChromeOS, though the latter demo did not work due to security restrictions. The document concludes by calling on antivirus companies to improve extension detection, browser companies to restrict extensions further, and users to use separate systems for banking.