In a stark reminder of the ever-evolving threats in cyberspace, multiple popular Google Chrome extensions have been hacked. These compromised extensions put millions of users at risk, as attackers exploit their widespread usage to deliver malicious payloads or steal sensitive information. Let’s break down what happened, how it impacts you, and steps you can take to secure your online activity.
Cybersecurity firm Cyberhaven was the first known victim to report this Chrome extension compromise. On December 27, Cyberhaven revealed that attackers had injected malicious code into its browser extension, and that the code connected to a Command and Control (C&C) server. The breach occurred after a phishing attack on a Cyberhaven employee, which gave the attacker access to the company's Chrome Web Store account. The hacker uploaded a malicious version of the extension, which was removed within 60 minutes.
The attack targeted Chrome browsers with auto-updates, potentially exfiltrating cookies and authenticated session tokens. Cyberhaven advised customers to update to version 24.10.5 or newer, revoke passwords lacking FIDOv2, and review activity logs.
Cyberhaven suspects this attack is part of a larger campaign targeting Chrome extension developers, specifically aiming at social media advertising and AI platform logins.
Cyberhaven was not the only target. A Reuters article cites a wide variety of Chrome extension providers that were targeted and compromised in order to release malicious versions of their extensions over the holidays, when cybersecurity teams are on vacation and the maximum damage can be done. CyberNews reported that 25 extensions, affecting 2 million people, were potentially impacted by this string of targeted attacks.
Chrome extensions are often granted extensive permissions to access sensitive data, such as:
A compromised extension can leverage these permissions to cause significant harm, such as stealing financial details, spreading malware, or compromising corporate networks.
Key Takeaway: A single compromised extension can turn your browser into a gateway for attackers.
Here’s an initial list of reported extensions alleged to have been compromised. If you operate one of these, either upgrade to a known good version or disable and uninstall until a known good version has been released.
This incident underscores the broader vulnerabilities in browser-based ecosystems. It also shows the importance of teaching your end users how to spot and avoid phishing emails with regular positive reinforcement training similar to what CyberHoot provides in our innovative product.
Extensions, though convenient, are a double-edged sword. Their integration with your browser can either enhance productivity or become a significant security risk.
Final Thoughts:
Cybersecurity is a shared responsibility. While tech companies must fortify their platforms, users should adopt proactive habits to stay secure.
By staying informed and cautious, you can protect yourself from these evolving threats. Review your extensions today—don’t let a small tool become a big problem.
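The extension review recommended above can be scripted. The following is an added example, not code from Cyberhaven or CyberHoot: it walks Chrome's on-disk layout (`<profile>/Extensions/<id>/<version>/manifest.json`), flags any listed extension below its known good version, and reports extensions that request broad permissions. The extension ID is a placeholder because the article lists none; `24.10.5` is the fixed version it cites, and the sample profile is constructed.

```python
import json
import tempfile
from pathlib import Path

# Placeholder ID (the article lists none); 24.10.5 is the fixed version it cites.
MIN_SAFE = {"a" * 32: "24.10.5"}
# Real Chrome permission strings that expose cookies, traffic or all sites.
BROAD = {"cookies", "webRequest", "tabs", "history", "<all_urls>", "*://*/*"}

def parse_version(text):
    """Chrome versions are 1-4 dot-separated integers; pad so 24.10 == 24.10.0.0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def audit(extensions_dir, min_safe=MIN_SAFE):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json; return findings."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            installed = parse_version(manifest["version"])
            asked = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        except (ValueError, KeyError, TypeError, AttributeError):
            findings.append((ext_id, "unreadable", "malformed manifest"))
            continue
        floor = min_safe.get(ext_id)
        if floor and installed < parse_version(floor):
            findings.append((ext_id, "outdated", f"{manifest['version']} < {floor}"))
        broad = sorted(BROAD & {p for p in asked if isinstance(p, str)})
        if broad:
            findings.append((ext_id, "broad-permissions", ", ".join(broad)))
    return findings

def build_sample(root):
    """Constructed profile: one outdated listed extension, one benign, one broad."""
    samples = [("a" * 32, "24.10.4", ["cookies", "storage"], ["<all_urls>"]),
               ("b" * 32, "1.2", ["storage"], []),
               ("c" * 32, "3.0.1", ["tabs", "webRequest"], ["https://example.com/*"])]
    for ext_id, version, perms, hosts in samples:
        folder = Path(root) / ext_id / f"{version}_0"
        folder.mkdir(parents=True)
        manifest = {"manifest_version": 3, "name": "constructed", "version": version,
                    "permissions": perms, "host_permissions": hosts}
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit(tmp):
            print(*finding, sep="\t")
```

To audit a real machine, pass the profile's `Extensions` directory to `audit()` and replace `MIN_SAFE` with IDs and versions taken from the affected vendors' advisories.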