At least five Chrome extensions have been compromised in a coordinated attack, where a threat actor successfully injected code that stole sensitive information from users.
This is according to cybersecurity experts at Cyberhaven. The US-based data security company warned its customers about a breach that occurred on December 24, following a successful phishing campaign targeting the company’s administrator account on the Google Chrome Store.
Prominent among Cyberhaven's clients are popular brands such as Snowflake, Motorola, Canon, Reddit, AmeriHealth, Cooley, IVP, Navan, DBS, Upstart and Kirkland & Ellis.
Hackers took over employee accounts and released a malicious version (24.10.4) of the Cyberhaven extension, which included code that could steal authenticated sessions and cookies to the attacker's domain (cyberhavenext[.]pro).
Cyberhaven's internal security team removed the malware package within an hour of detection, the company said in an email to customers.
The clean version of the extension is v24.10.5 which was released on December 26. In addition to upgrading to the latest version, Cyberhaven Chrome extension users are advised to revoke non-FIDOv2 passwords, change all API tokens, and review browser logs to assess for malicious activity.
Many Chrome extensions have been hacked
Following Cyberhaven's disclosure, Nudge Security researcher Jaime Blasco conducted a deeper investigation, redirecting from the attacker's IP address and registered domain name.
According to Blasco, the malicious code that allowed the extension to receive commands from the attacker was also injected into other Chrome extensions at the same time:
Users of these extensions are advised to immediately remove them from their browsers or upgrade to a secure version released after December 26, after ensuring that the publisher is aware of the security issue and has fixed it.
If you are unsure, it is best to uninstall the extension, reset important account passwords, clear browser data, and reset browser settings to factory defaults.
Discover how to use Microsoft Teams Web App on any browser effortlessly. Step-by-step guide, tips, and troubleshooting for smooth collaboration anywhere. No downloads needed!
Tired of the frustrating Microsoft Teams "User Not Authorized" error blocking your meetings? Discover proven, step-by-step solutions to fix it fast and reclaim your productivity. Works on desktop, web, and mobile.
Struggling with Microsoft Teams errors on iPhone or iOS? Discover step-by-step fixes for crashes, sign-in issues, and more. Get back to seamless teamwork in minutes—no tech expertise needed!
Battling Microsoft Teams Tasks sync error? Get instant relief with our proven, step-by-step fixes for Tasks not syncing in Teams. Boost productivity now—no tech expertise needed!
Unlock the power of Microsoft Teams Breakout Rooms with this 2026 beginner tutorial. Step-by-step guide to create, manage, and elevate your virtual meetings effortlessly. Perfect for educators, teams, and beginners!
Struggling with Microsoft Teams "Error N" network errors? Get step-by-step fixes for Solving Microsoft Teams "Error N" Network problems, from quick restarts to advanced troubleshooting. Restore seamless calling and meetings now!
Tired of Microsoft Teams "Media Error" ruining your video shares? Follow our step-by-step guide with the latest fixes to get videos playing smoothly again – no restarts needed!
Tired of Microsoft Teams "Code Error" blocking your redemption? Get proven, step-by-step Troubleshooting Microsoft Teams "Code Error" Redemption solutions. Clear cache, update, and redeem successfully—fast and easy!
Stuck with Microsoft Teams "Error QSP" during installation? Follow our step-by-step guide with quick fixes to resolve the issue fast. Updated for the latest Teams versions—no tech skills needed!
Encountering Microsoft Teams "Offline Error" status? Discover proven, step-by-step troubleshooting tips to resolve it fast and get back to seamless collaboration. Updated with the latest fixes.
Tired of Microsoft Teams Test Call Error 2026 ruining your meetings? Discover simple, effective fixes to restore audio instantly. Step-by-step guide with expert tips for seamless Teams calls.
Frustrated with "Where is My Teams Calendar?" Troubleshoot syncing issues in Microsoft Teams step-by-step. Restore your calendar view and sync effortlessly—expert tips inside!
Struggling with Microsoft Teams Error 4vt9f Microphone Not Detected? Discover step-by-step fixes, from quick checks to advanced troubleshooting. Get your mic working instantly for seamless calls!
Struggling with Microsoft Teams Wiki Tab not loading error? Discover proven step-by-step fixes to resolve the issue quickly, restore your Wiki tabs, and boost team productivity without hassle.
Master how to join a Microsoft Teams meeting as a guest with our step-by-step 2026 guide. No account needed! Works on web, desktop, mobile—troubleshoot issues & pro tips included.
