Chrome Catastrophe: 36 Malicious Extensions Threaten Millions with Data Theft!

Cyberhaven’s Chrome extension was hijacked after a phishing attack, and now 2.6 million users are at risk. Hackers used a fake Google consent screen to upload a malicious version that steals passwords and cookies. Developers beware: your public email could be an open invitation for cyber shenanigans.

3P
Published: January 2, 2025 10:19 amAdded: January 2, 2025 at 2:46 amAssembled by: The Editor
Pro Dashboard

Hot Take:

It’s time to put on your tinfoil hats, folks! The digital pickpockets have found a new way to rummage through our virtual wallets, and this time, they’re going straight for the browser extensions. Be afraid, be very afraid… or, you know, just be cautious when clicking on those tempting upgrade emails.

Key Points:

  • Researchers have discovered a major data theft campaign targeting Google Chrome extensions.
  • At least 36 extensions have been compromised, affecting up to 2.6 million users.
  • The campaign began with Cyberhaven’s extension being hijacked through a phishing attack.
  • Malicious versions of extensions can steal passwords, cookies, and enable account takeovers.
  • Browser extensions are becoming a popular target for cybercriminals, with potential threats to corporate security.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?