Key Points
- Hackers compromised multiple Chrome browser extensions in a December cyberattack campaign.
- California-based Cyberhaven confirmed its Chrome extension was breached on Christmas Eve.
- The attacks appeared to target extensions related to AI and VPNs opportunistically.
- The scope and motive of the campaign suggest random exploitation of vulnerabilities.

According to experts and one of the impacted firms, a series of cyberattacks compromising Chrome browser extensions has affected multiple companies, with incidents traced back to mid-December. Among the victims is California-based Cyberhaven, a data protection company, which confirmed the breach on Friday.
Cyberhaven disclosed that the attack occurred on Christmas Eve and impacted its Chrome extension, which monitors and secures client data across web applications. The company acknowledged public comments from cybersecurity experts suggesting the breach was part of a broader campaign targeting Chrome extension developers across various sectors. Cyberhaven is actively collaborating with federal law enforcement to address the situation.
The geographical scope of the attacks remains unclear, but the compromised extensions span multiple functionalities. Browser extensions, widely used to enhance web browsing experiences by offering features such as automated coupons, were exploited for potentially nefarious purposes.
Jaime Blasco, co-founder of Texas-based Nudge Security, identified several additional Chrome extensions that were compromised in a similar way to Cyberhaven’s. Some breaches were traced back to mid-December, with the targeted extensions linked to artificial intelligence tools and virtual private networks. This diversity of targets suggests an opportunistic campaign aimed at harvesting sensitive data through as many compromised extensions as possible.
Blasco emphasized that Cyberhaven did not appear to be the specific focus of the attacks. Instead, the campaign seemed random, aiming to exploit vulnerabilities across a range of extensions. “If I had to guess, this was just random,” Blasco remarked.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) declined to comment, directing inquiries to the affected companies. Alphabet, the Chrome browser developer, did not immediately respond to requests for comment. This breach highlights the growing risks associated with browser extensions and the importance of robust cybersecurity measures to protect users and businesses from malicious campaigns.