Hackers exploit vulnerabilities in popular Chrome extensions, potentially exposing user data across numerous companies. Investigate underway.
Washington, USA - December 28, 2024:
A series of cyberattacks targeting Chrome browser extensions has been uncovered, with hackers compromising the software of multiple companies since mid-December.
One of the victims, Cyberhaven, a California-based data protection company, confirmed the breach in a statement. They acknowledged public statements from cybersecurity experts suggesting the attack was part of a broader campaign targeting Chrome extension developers across various industries.
The compromised extensions, used to enhance web browsing experiences, were exploited to potentially steal sensitive data. These included extensions related to artificial intelligence and virtual private networks, indicating an opportunistic approach to data collection.
Jaime Blasco, co-founder of Nudge Security, observed several other extensions compromised in a similar manner. He emphasized the likely indiscriminate nature of the attacks, suggesting they were not specifically targeted at Cyberhaven.
The geographical scope of the hacks remains unclear. Cyberhaven is actively cooperating with federal law enforcement to investigate the incident.
This incident highlights the growing threat of cyberattacks targeting browser extensions and the critical need for robust security measures to protect user data.
