Google Chrome extensions targeted by hackers to steal user passwords

Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol

(Image credit: Shutterstock)

Christmas Eve attack sees Cyberhaven Chrome extension hit
Some data could have been exfiltrated, Cyberhaven systems secure
Users are being told to change their passwords

Cyberhaven has confirmed its Google Chrome extension was the subject of a Christmas Eve cyberattack, exposing sensitive customer data like passwords and session tokens.

In a statement, the data loss prevention company noted the attack showed signs of being part of a “wider campaign” to target other companies, too.

The attack started as many others do – an employee fell for a phishing email and shared their credentials, giving the threat actor access to Cyberhaven’s systems.

Cyberhaven shares details of Christmas Eve attack

More specifically, the attacker obtained the worker’s Google Chrome Web Store credentials, allowing them to post a malicious version of its Chrome extension to the marketplace. Only version 24.10.4 was affected on Chrome-based browsers that auto-updated; the code was active between 1:32 AM UTC on December 25 and 2:50 AM UTC on December 26.

CEO Howard Ting said the compromise was detected by the firm’s security team at 11:54 PM UTC on Christmas Day – it was removed within an hour, noting, “I’m proud of how quickly our team reacted, with virtually everyone in the company interrupting their holiday plans to serve our customers, and acting with the transparency that is core to our company values.”

No other Cyberhaven systems, such as CI/CD processes and code signing keys, were compromised, however users’ cookies and authenticated sessions for certain targeted websites could have been exfiltrated.

Users are now being advised to maintain basic internet hygiene principles, such as ensuring that their extensions are up to date (in this case, version 24.10.5 or newer), reviewing logs for suspicious activity, and revoking or rotating all passwords that aren't FIDOv2.

The company has already implemented additional security measures to prevent similar future attacks and is actively cooperating with law enforcement.

We’ve listed the best privacy tools and anonymous browsers
Consider keeping your credentials safe with the best password managers
Apache Foundation urges users to patch now and fix major security worries

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!