This holiday season, some companies found themselves dealing with more than festive cheer — a cyberattack targeting Chrome extensions left them scrambling to protect user data.
According to a report by Reuters, hackers successfully hijacked several Chrome extensions, exploiting them to deploy malicious code aimed at stealing sensitive user information, including browser cookies and authentication credentials. Cyberhaven, a cybersecurity firm and one of the victims of the attack, reported that the hackers appeared focused on accessing social media advertising accounts, such as Facebook Ads, and credentials for AI platforms.
The attack unfolded on Christmas Eve, when Cyberhaven’s compromised extension was updated with the harmful code. The breach was identified on Christmas Day, and within an hour, Cyberhaven rolled out a fix to secure its users. Notifications about the attack were sent to users via email on Friday morning.
Other extensions confirmed to have been affected include Internxt VPN, ParrotTalks, Uvoice, and VPNCity — all of which collectively serve tens of thousands of users, as listed on the Chrome Web Store.
The breach was initiated through a phishing email targeting a Cyberhaven employee. Believing the email to be an official Google communication, the employee entered their credentials on a fraudulent page, granting hackers access to update the extension.
Cyberhaven stated that the attack did not seem to target specific companies but was likely part of a broader phishing campaign aimed at Chrome extension developers.
The full extent of the attack’s impact on users remains uncertain as investigations continue. Cyberhaven and other affected developers are urging users to stay vigilant and update their extensions to the latest secure versions.
Read More News:
Meta Quest 2 and 3 Face Update Glitches — Here’s How to Fix It
Apple Discontinues iPhone 14 and iPhone SE in Compliance with EU Regulations