Hackers Launch a Supply Chain Attack by Injecting Malicious Code into Hijacked Chrome Extensions
Over 2.6 million people may have been affected by a massive supply chain attack leveraging over 35 compromised Chrome extensions to take over Facebook Ad accounts.
Hackers hijack Chrome extensions, experts report
In a concerning development for the cybersecurity world, experts report that hackers have hijacked a wide range of companies’. The attack, which appears to be widespread, has sparked alarm among industry professionals and users alike.
Time to check if you ran any of these 33 malicious Chrome extensions
The malicious extension, available as version 24.10.4, was available for 31 hours, from December 25 at 1:32 AM UTC to Dec 26 at 2:50 AM UTC. Chrome browsers actively running Cyberhaven during that window would automatically download and install the malicious code. Cyberhaven responded by issuing version 24.10.5, and 24.10.6 a few days later.
Hackers hijacked legitimate Chrome extensions to try to steal data
Other extensions possibly affected include Internxt VPN, VPNCity, Uvoice, and ParrotTalks, as Bleeping Computer writes. Cyberhaven says hackers pushed an update (version 24.10.4) of its Cyberhaven data loss prevention extension containing the malicious code on Christmas Eve at 8:32PM ET.
Cyber firm’s Chrome extension hijacked to steal user passwords
The data-loss startup says it was targeted as part of a "wider campaign to target Chrome extension developers."
Cyberhaven says hackers targeted Chrome extensions on Christmas
Cyberhaven, a California-based cyber security firm says it was recently hacked on Christmas Eve, and that the hackers were targeting Chrome extensions. Cyberhaven doesn’t mention what the reasoning for the attack was,
Cyberhaven breach caused by malicious Chrome extension
Dec. 25, 2024, cybersecurity firm Cyberhaven was the target of a large-scale attack. Through their Chrome extension, 400,000 users were
Cybersecurity firm's Chrome extension hijacked to steal users' data
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users.
I found a malicious Chrome extension on my system - here's how and what I did next
When Chrome flagged an extension for malware, it triggered hours of cleanup. Learn how to check your extensions, clear malware, and keep your browser secure for the future.
Hacked Chrome extensions put 2.6 million users at risk of data leak
Tech expert Kurt “CyberGuy" Knutsson says hackers are embedding dangerous code in Chrome extensions to steal your data.
Chrome extensions hijacked in phishing attack
Stay informed about the latest phishing attack where several Chrome extensions were hijacked, compromising user security and data.
Google Chrome Attack Alert—Full List Of Hacked Extensions Published
Hackers have targeted Google Chrome users in a frightening 2FA bypass attack—a full list of impacted extensions has now been ...
SecurityWeek9d
Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign
The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago.
Widespread cyberattack targets Google Chrome extensions, compromises 2.6 million devices
The attack, which began on Christmas Eve, exploited a vulnerability in the Chrome Web Store's developer authentication system ...
Google Chrome 2FA Bypass Attacks Confirmed—Millions Of Users At Risk
An attack aimed at bypassing two-factor authentication cookies for Google Chrome users has been confirmed—here’s what you ...