Seoul, December 30, 2024 – Hackers have recently compromised several legitimate Google Chrome extensions, embedding malicious code designed to steal users’ passwords and other sensitive data. The attack targeted extensions from various companies, including Cyberhaven, a data-loss prevention firm, which confirmed the breach on December 24, 2024. The hijacked extensions were used to exfiltrate authenticated sessions and cookies to the attacker’s domain. The malicious update remained active for approximately 25 hours before being removed.
This incident highlights the critical need for users to exercise caution when installing or updating browser extensions. It’s advisable to download extensions only from trusted sources, regularly review and manage installed extensions, and promptly remove any that are no longer needed or appear suspicious. Users should also be vigilant about any unusual activity or behavior from their browser extensions, as these may signal a potential security risk.
For organizations, it is essential to monitor the integrity of their software supply chains and implement robust security measures to detect and mitigate such attacks. Regular security audits and prompt responses to identified vulnerabilities help protect both user data and organizational assets, reducing the chance that cyber threats compromise sensitive information or systems.
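As an added example (not from the original article or from any company named in it), one way to carry out the regular extension review recommended above is to inventory the manifests in a Chrome profile's `Extensions` directory (`<profile>/Extensions/<id>/<version>/manifest.json`) and list first the extensions that can read cookies on every site. The flagging rule and the two sample extensions are choices made for this illustration.

```python
import json
import tempfile
from pathlib import Path

# Host patterns that grant an extension access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(ext_root):
    """Return one record per installed extension version under ext_root."""
    findings = []
    for manifest_path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: not inventoried here
        # Manifest V2 mixes host patterns into "permissions";
        # Manifest V3 lists them under "host_permissions".
        perms = {p for key in ("permissions", "host_permissions")
                 for p in manifest.get(key, []) if isinstance(p, str)}
        broad = sorted(perms & BROAD_HOSTS)
        findings.append({
            "id": manifest_path.parent.parent.name,
            "version": manifest.get("version", "?"),
            "name": manifest.get("name", "?"),  # may be a __MSG_...__ locale key
            "cookies": "cookies" in perms,
            "broad_hosts": broad,
            # Illustrative rule: cookie API access plus all-site host access.
            "review_first": "cookies" in perms and bool(broad),
        })
    return findings

def build_sample_profile(root):
    """Constructed sample data: two made-up extensions in Chrome's layout."""
    samples = {
        ("a" * 32, "1.0.0_0"): {
            "manifest_version": 3, "name": "Sample Notes", "version": "1.0.0",
            "permissions": ["storage"]},
        ("b" * 32, "2.4.1_0"): {
            "manifest_version": 3, "name": "Sample Helper", "version": "2.4.1",
            "permissions": ["cookies", "storage"],
            "host_permissions": ["<all_urls>"]},
    }
    for (ext_id, version_dir), manifest in samples.items():
        target = Path(root) / ext_id / version_dir
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        for finding in audit_extensions(tmp):
            print(finding)
```

A `review_first` flag describes what an extension is permitted to do, not whether it has been tampered with. Saving the output and comparing the `version` field between runs shows which extensions were updated since the last review.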