Phishy Business: Chrome Extensions Under Attack – How Cyberhaven Got Hooked

Cyberhaven’s Christmas Eve turned into a chaotic sleigh ride when a phishing attack targeted their Chrome extension, a reminder that supply chain security isn’t just for holiday gifts. With 36 extensions and 2.6 million users affected, it’s time to unwrap the issues of Chrome extension vulnerabilities and get serious about security.

Hot Take:

Ah, the holiday spirit! Nothing says ‘Merry Christmas’ like a cybercriminal sneaking down your digital chimney to steal your cookies! Cyberhaven’s developers probably wished they had asked Santa for a better email filter instead of those socks.

Key Points:

  • A phishing email masquerading as a Google communication led to a security breach at Cyberhaven.
  • The attack targeted Chrome extensions to exfiltrate data and potentially bypass captchas.
  • 36 different Chrome extensions affecting up to 2.6 million users have been linked to the attack.
  • Modern shadow IT practices leave companies vulnerable to supply-chain attacks through SaaS applications.
  • Developers are urged to adopt better security practices and monitoring for their browser extensions.

The Nimble Nerd