Chrome Extension Chaos: 600,000 Users Exposed in Massive Hack Attack

In a supply chain attack, threat actors compromised 16 Chrome browser extensions, exposing data from over 600,000 users. One of the victims, Cyberhaven, saw a malware-laced version of its extension published. The attack targeted publishers via phishing, allowing hackers to insert malicious code and steal cookies and access tokens.

3P
Published: December 31, 2024 4:25 pmAdded: December 31, 2024 at 8:45 amAssembled by: The Editor
Pro Dashboard

Hot Take:

When it comes to Chrome extensions, it seems like the real “extension” here is the hackers’ reach! Who knew “updating your browser” could actually mean “giving hackers a VIP pass to your data party”? Next time your browser requests an update, you might want to consider telling it, “Thanks, but I like my cookies where they are!”

Key Points:

  • 16 Chrome browser extensions were compromised, affecting over 600,000 users.
  • Threat actors used phishing attacks to gain access to publishers’ accounts on the Chrome Web Store.
  • The malicious code in the extensions was used to steal cookies and access tokens.
  • Cybersecurity firm Cyberhaven was among the victims, with a malicious version of their extension published briefly.
  • The attack was part of a broader campaign targeting Facebook Ads users.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?