A recent cyber attack has compromised at least 16 Chrome browser extensions, exposing the data of over 600,000 users to potential theft. The attackers executed a phishing campaign to infiltrate publishers of these extensions, using their permissions to inject malicious scripts aimed at stealing cookies and user access tokens.
The first known victim was Cyberhaven, a cybersecurity firm, which reported on December 27 that its browser extension had been breached. The attackers used the compromised extension to connect to an external command-and-control (C&C) server and download further malicious configuration files, allowing them to exfiltrate user data.
Or Eshed, the CEO of LayerX Security, commented on the incident, highlighting the inherent risks associated with browser extensions. He noted that these extensions often have extensive permissions, granting access to sensitive information like cookies, access tokens, and identities. Furthermore, many organizations are unaware of the extensions installed on their systems, leading to significant exposure.
After Cyberhaven’s breach was made public, other compromised extensions were identified that had also been communicating with the same C&C server. A list of potentially affected extensions includes:
- AI Assistant – ChatGPT and Gemini for Chrome
- Bard AI Chat Extension
- GPT 4 Summary with OpenAI
- Search Copilot AI Assistant for Chrome
- TinaMind AI Assistant
- Wayin AI
- VPNCity
- Internxt VPN
- Vindoz Flex Video Recorder
- VidHelper Video Downloader
- Bookmark Favicon Changer
- Castorus
- Uvoice
- Reader Mode
- Parrot Talks
- Primus
The breadth of the attack suggests a large-scale campaign targeted at legitimate browser extensions rather than an isolated incident with Cyberhaven.
In particular, analysis of Cyberhaven’s compromised extension revealed that it targeted identity data and access tokens related to Facebook accounts, especially those tied to businesses. Although the malicious version of the extension was removed shortly after discovery, the risk remains as long as the compromised versions are live on users’ endpoints.
Security researchers are actively searching for additional exposed extensions, but the complexity and scale of this attack present considerable challenges for organizations in securing browser extensions and protecting user data.
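Because the exposure persists while a compromised version stays installed, a basic inventory of each endpoint's extensions is a practical first check. The script below is an added example, not code from Cyberhaven, LayerX, or any source cited here. It assumes Chrome's on-disk layout of `Extensions/<id>/<version>/manifest.json` inside a profile directory, and it matches on display name only because the list above gives no extension IDs or version numbers.

```python
import json, sys
from pathlib import Path

# Names taken from the article's list, lowercased for comparison.
FLAGGED = {n.lower() for n in (
    "AI Assistant – ChatGPT and Gemini for Chrome", "Bard AI Chat Extension",
    "GPT 4 Summary with OpenAI", "Search Copilot AI Assistant for Chrome",
    "TinaMind AI Assistant", "Wayin AI", "VPNCity", "Internxt VPN",
    "Vindoz Flex Video Recorder", "VidHelper Video Downloader",
    "Bookmark Favicon Changer", "Castorus", "Uvoice", "Reader Mode",
    "Parrot Talks", "Primus")}

def display_name(version_dir, manifest):
    """Resolve a localized "__MSG_key__" name via _locales/<default_locale>."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # Chrome treats message keys case-insensitively
        path = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        try:
            msgs = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name  # keep the raw placeholder if the locale file is unusable
        for k, v in msgs.items():
            if k.lower() == key:
                return v.get("message", name)
    return name

def audit(extensions_dir):
    """Return one record per installed extension version under Extensions/."""
    records = []
    for mf in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip rather than abort the scan
        name = display_name(mf.parent, manifest)
        perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        records.append({
            "id": mf.parent.parent.name, "version": manifest.get("version"),
            "name": name, "name_on_list": name.lower() in FLAGGED,
            "reads_cookies": "cookies" in perms})
    return records

if __name__ == "__main__":
    for rec in audit(sys.argv[1]):  # path to a profile's Extensions directory
        print(rec)
```

A name match is only a lead: several listed names are generic, so confirm the extension ID and installed version against the publisher's advisory before treating an endpoint as affected.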