At least five Chrome extensions have been compromised in a coordinated attack, where a threat actor successfully injected code that stole sensitive information from users.
This is according to cybersecurity experts at Cyberhaven. The US-based data security company warned its customers about a breach that occurred on December 24, following a successful phishing campaign targeting the company’s administrator account on the Google Chrome Store.
Prominent among Cyberhaven's clients are popular brands such as Snowflake, Motorola, Canon, Reddit, AmeriHealth, Cooley, IVP, Navan, DBS, Upstart and Kirkland & Ellis.
Hackers took over employee accounts and released a malicious version (24.10.4) of the Cyberhaven extension, which included code that could steal authenticated sessions and cookies to the attacker's domain (cyberhavenext[.]pro).
Cyberhaven's internal security team removed the malware package within an hour of detection, the company said in an email to customers.
The clean version of the extension is v24.10.5 which was released on December 26. In addition to upgrading to the latest version, Cyberhaven Chrome extension users are advised to revoke non-FIDOv2 passwords, change all API tokens, and review browser logs to assess for malicious activity.
Many Chrome extensions have been hacked
Following Cyberhaven's disclosure, Nudge Security researcher Jaime Blasco conducted a deeper investigation, redirecting from the attacker's IP address and registered domain name.
According to Blasco, the malicious code that allowed the extension to receive commands from the attacker was also injected into other Chrome extensions at the same time:
Users of these extensions are advised to immediately remove them from their browsers or upgrade to a secure version released after December 26, after ensuring that the publisher is aware of the security issue and has fixed it.
If you are unsure, it is best to uninstall the extension, reset important account passwords, clear browser data, and reset browser settings to factory defaults.
iOS 18 added a feature that makes the month view much more useful — you can now zoom out by pinching the screen, allowing you to see nearly two months right on the home screen.
Below are the most profound and meaningful words of thanks to father, please refer to them to express your love and care for your father, your beloved father, who has always accompanied and silently sacrificed for his children.
What is an integer? What is a positive integer? This article will give you the answer.
Using drawing models in Word content will help readers have a better overview and understanding of the content, as well as increase the liveliness of the content of the article.
Gemini can remember things about your life, hobbies, work details, concerns,... thanks to the new Gemini Memory feature.
The Galaxy Z Fold 6 may not seem like a huge upgrade over the Z Fold 5, but Samsung has improved the hardware and added some nifty features to make for a better experience.
Cerebras Systems has unveiled the largest AI chip based on the 7nm process, called Wafer Scale Engine 2.
A California tech startup is teaching computers how to taste wine. The company is using the technology to help winemakers improve their products and attract new customers.
Google has been increasingly showing interest in the field of artificial intelligence applications in medicine.
If you don't like the avatar with your name's abbreviation, you can set a public Telegram profile picture, hide your Telegram avatar from someone but they can still see your public Telegram profile picture.
File Explorer is still an important part of Windows, and with a few smart updates, Microsoft could improve things even more for users.
Thieu Hiep Xin Dung Buoc will also help you by giving giftcodes and you can use this code to redeem rewards.
Leaving aside all the season 13 champions, we will come to the season 14 champions of Truth Arena: Technology City.
The Media Creation Tool allows you to reinstall Windows using a USB or DVD.
The expensive AirPods Max are actually getting better. Apple just announced that both lossless audio and ultra-low latency audio will soon be available on its premium headphones.
