Explorer

Google Chrome Extensions Under Attack: Hackers Are Spreading Code To Steal Sensitive Information, Here's All We Know

The attack specifically targeted login credentials for certain social media advertising and AI platforms.

A cyberattack campaign of advanced complexity has been identified, targeting 16 Chrome extensions with the intention of stealing sensitive information from Facebook ad users. Cybersecurity firm Cyberhaven has conducted an initial investigation, revealing that these malicious extensions were designed to extract highly sensitive data.

This includes user IDs, access tokens, cookies, account credentials, and other critical information tied to Facebook ad management.

ALSO READ | Amid H-1B Row, Elon Musk Wants Twitterati To Be More 'Positive' & 'Beautiful' On X: Here's What Happened

Google Chrome Extensions Attack: What All Do We Know

In a report by Reuters, security expert Jaime Blasco clarified that the cyberattack was not specifically directed at Cyberhaven but appeared to be a random malware injection. Blasco further noted that the malicious code found in the extensions was not exclusive to Cyberhaven-related breaches. The same harmful code was embedded in VPN and AI-related extensions, leading to security breaches across other organisations. These findings highlight the growing risk posed by compromised browser extensions, emphasising the importance of stringent security measures for protecting sensitive user data.

Cyberhaven, a cybersecurity company with a distinguished clientele that includes major names like Snowflake, Motorola, Canon, Reddit, AmeriHealth, and Upstart, recently experienced a security breach. According to a blog post by the company, its Chrome extension fell victim to a hack on December 24. The attack specifically targeted login credentials for certain social media advertising and AI platforms. In addition to Cyberhaven, other Chrome extensions such as ParrotTalks, Uvoice, VPNCity, and 13 others were also compromised.

Cyberhaven emphasised that the incident was both brief and contained. The malicious activity only affected version 24.10.4 of its Chrome extension, and the harmful code remained active for less than a day. The company has yet to disclose the exact number of customers it has informed about the breach. However, it assured users that only Chrome browsers with auto-updates enabled during the short window of the cyberattack were impacted.

View More
Advertisement
Advertisement
Thu Feb 27, 7:50 pm
connaught place
19.2°
Precipitation: 0 mm    Humidity: 76%   Wind: ESE 13 km/h
See Today's Weather
Powered By:
Accu Weather
Advertisement

Top Headlines

Tuhin Kanta Pandey Appointed As SEBI Chairman, Succeeds Madhabi Puri Buch
Tuhin Kanta Pandey Appointed As SEBI Chairman, Succeeds Madhabi Puri Buch
Drones, Sniffer Dogs, Special Teams: Police Tracking Pune Rape Accused Through Long Sugarcane Fields
Drones, Sniffer Dogs, Special Teams: Police Tracking Pune Rape Accused Through Long Sugarcane Fields
Car Runs Into Pedestrians In Suspected Terror Attack In Israel, 8 Injured
Car Runs Into Pedestrians In Suspected Terror Attack In Israel, 8 Injured
Family Of Maharashtra Student, Battling For Life After Accident In US, Gets Visa Appointment
Family Of Maharashtra Student, Battling For Life After Accident In US, Gets Visa Appointment
Advertisement
ABP Premium

Videos

Gujarat News: Massive Fire Erupts At Surat Textile Market, Watch Big Updates Of The HourPune Crime News: Police Yet to Make Breakthrough in Rape Case, Transport Minister Takes Major ActionMahakumbh 2025: Ashwini Vaishnaw Reaches Prayagraj for Grand Finale, to Inspect Railway StationsMaha Kumbh 2025: A Divine Confluence – Faith Creates a 'Mega Record'! | Prayagraj | CM Yogi

Photo Gallery

Embed widget