Cyber firm’s Chrome extension hijacked to steal user passwords
The data-loss startup says it was targeted as part of a "wider campaign to target Chrome extension developers."
Chrome extensions hijacked in phishing attack
Stay informed about the latest phishing attack where several Chrome extensions were hijacked, compromising user security and data.
Hackers hijacked legitimate Chrome extensions to try to steal data
Other extensions possibly affected include Internxt VPN, VPNCity, Uvoice, and ParrotTalks, as Bleeping Computer writes. Cyberhaven says hackers pushed an update (version 24.10.4) of its Cyberhaven data loss prevention extension containing the malicious code on Christmas Eve at 8:32PM ET.
Time to check if you ran any of these 33 malicious Chrome extensions
The malicious extension, available as version 24.10.4, was available for 31 hours, from December 25 at 1:32 AM UTC to Dec 26 at 2:50 AM UTC. Chrome browsers actively running Cyberhaven during that window would automatically download and install the malicious code. Cyberhaven responded by issuing version 24.10.5, and 24.10.6 a few days later.
Cyberhaven breach caused by malicious Chrome extension
Dec. 25, 2024, cybersecurity firm Cyberhaven was the target of a large-scale attack. Through their Chrome extension, 400,000 users were
Over 600,000 Chrome users at risk after 16 browser extensions compromised by hackers — what you need to know
As reported by The Hacker News, a dangerous new campaign targeting browser extensions has been spotted online. So far, at least 16 extensions have been compromised, with over 600,000 Chrome users now at risk of exposing their browsing data and account credentials online.
I found a malicious Chrome extension on my system - here's how and what I did next
When Chrome flagged an extension for malware, it triggered hours of cleanup. Learn how to check your extensions, clear malware, and keep your browser secure for the future.
Hacked Chrome extensions put 2.6 million users at risk of data leak
Tech expert Kurt “CyberGuy" Knutsson says hackers are embedding dangerous code in Chrome extensions to steal your data.
Data-loss prevention company Cyberhaven hit by breach, statement says
By Raphael Satter and AJ Vicens Hackers compromised an employee of the data-protection company Cyberhaven and used the worker ...
Malicious Browser Extensions are the Next Frontier for Identity Attacks
A recent campaign targeting browser extensions illustrates that they are the next frontier in identity attacks. Learn more ...
Widespread cyberattack targets Google Chrome extensions, compromises 2.6 million devices
The attack, which began on Christmas Eve, exploited a vulnerability in the Chrome Web Store's developer authentication system ...
SecurityWeek7d
Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign
The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago.
CSOonline6d
SquareX Researchers Expose OAuth Attack on Chrome Extensions Days Before Major Breach
SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago ...
5 browser extension rules to live by to keep your system safe in 2025
If you use browser extensions, you should be careful about which ones you install and use. Here's how you can do that.