Chrome Extension Catastrophe: Hackers Hijack and Harvest User Data!
At least five Chrome extensions, including Cyberhaven, were compromised in a coordinated attack with code injected to steal sensitive user info. Cyberhaven swiftly removed the threat, but users should upgrade to the latest version and review browser logs. Other affected extensions include Internxt VPN, VPNCity, Uvoice, and ParrotTalks.
Hot Take:
Looks like even Chrome extensions are getting into the holiday spirit of giving… giving away your data, that is! Just when we thought it was safe to extend our browsing capabilities, hackers remind us that nothing says ‘Happy Holidays’ like a well-timed data breach. So, if you’re using compromised extensions, consider this a festive reminder to update your security measures—because nothing says ‘New Year, New You’ like changing your passwords!
Key Points:
- Cyberhaven’s Chrome extension was compromised through a phishing attack, allowing hackers to publish a malicious version.
- The breach affected Chrome extensions like Internxt VPN, VPNCity, Uvoice, and ParrotTalks.
- Users are advised to update to the latest safe versions and review their security settings.
- Cyberhaven acted swiftly to remove the malicious extension and notify users.
- Researcher Jaime Blasco uncovered more potentially compromised extensions.