At least five Chrome extensions have been compromised in a coordinated attack, where a threat actor successfully injected code that stole sensitive information from users.
This is according to cybersecurity experts at Cyberhaven. The US-based data security company warned its customers about a breach that occurred on December 24, following a successful phishing campaign targeting the company’s administrator account on the Google Chrome Store.
Prominent among Cyberhaven's clients are popular brands such as Snowflake, Motorola, Canon, Reddit, AmeriHealth, Cooley, IVP, Navan, DBS, Upstart and Kirkland & Ellis.
Hackers took over employee accounts and released a malicious version (24.10.4) of the Cyberhaven extension, which included code that could steal authenticated sessions and cookies to the attacker's domain (cyberhavenext[.]pro).
Cyberhaven's internal security team removed the malware package within an hour of detection, the company said in an email to customers.
The clean version of the extension is v24.10.5 which was released on December 26. In addition to upgrading to the latest version, Cyberhaven Chrome extension users are advised to revoke non-FIDOv2 passwords, change all API tokens, and review browser logs to assess for malicious activity.
Many Chrome extensions have been hacked
Following Cyberhaven's disclosure, Nudge Security researcher Jaime Blasco conducted a deeper investigation, redirecting from the attacker's IP address and registered domain name.
According to Blasco, the malicious code that allowed the extension to receive commands from the attacker was also injected into other Chrome extensions at the same time:
Users of these extensions are advised to immediately remove them from their browsers or upgrade to a secure version released after December 26, after ensuring that the publisher is aware of the security issue and has fixed it.
If you are unsure, it is best to uninstall the extension, reset important account passwords, clear browser data, and reset browser settings to factory defaults.
Long-distance travel can involve heavy traffic, changing weather conditions, and rider fatigue. If you are also dealing with the responsibilities of moving home, such as packing belongings or coordinating accommodation, a long ride may add unnecessary pressure to an already busy schedule.
Tired of Microsoft Teams shortcut error preventing you from opening the app? Follow our expert, step-by-step guide with the latest fixes for instant resolution. Works on Windows, Mac & web – no tech skills needed!
Tired of Microsoft Teams Task Management Sync Error halting your workflow? Follow our proven, step-by-step fixes to resolve sync issues fast and restore seamless task collaboration. No tech expertise needed!
Struggling with Microsoft Teams Wiki Error Formatting? This step-by-step guide reveals proven fixes for common wiki tab issues, ensuring smooth editing and collaboration in Teams. Get back to productive wikis fast!
Struggling with Microsoft Teams installation error on Linux? Discover step-by-step fixes for Ubuntu, Fedora & more. Resolve dependency issues, crashes, and errors quickly with our ultimate guide. Get Teams running smoothly today!
Struggling with Microsoft Teams "Error Page" not loading? Get step-by-step fixes for desktop, web, and mobile. Solve Microsoft Teams Error Page issues quickly and resume seamless teamwork today.
Tired of Microsoft Teams "Error Screenshot" blocking your workflow? Get proven, step-by-step solutions to resolve screenshot errors in Teams instantly and boost productivity. No tech skills needed!
Tired of Microsoft Teams "Error U" User blocking your chats? Get proven, step-by-step fixes to clear cache, reset, and restore seamless collaboration instantly.
Unlock the precise locations of Microsoft Teams registry keys on Windows 11. Step-by-step guide to find, access, and safely tweak them for optimal performance and troubleshooting. Essential for IT pros and Teams enthusiasts.
Tired of Microsoft Teams "Training Error" Video Lag ruining your meetings? Follow our step-by-step guide with the latest fixes for smooth video calls—no more frustration!
