Google Chrome Extensions Under Attack: Hackers Are Spreading Code To Steal Sensitive Information, Here's All We Know

The attack specifically targeted login credentials for certain social media advertising and AI platforms.

By : ABP News Bureau | Updated at : 31 Dec 2024 12:13 AM (IST)

Google Chrome Extensions Under Attack Cyberattack Cybersecurity Dangerous Code Google Chrome Extensions Under Attack: Hackers Are Spreading Code To Steal Sensitive Information, Here's All We Know

This incident underscores the critical need for vigilance when it comes to browser extension security.

A cyberattack campaign of advanced complexity has been identified, targeting 16 Chrome extensions with the intention of stealing sensitive information from Facebook ad users. Cybersecurity firm Cyberhaven has conducted an initial investigation, revealing that these malicious extensions were designed to extract highly sensitive data.

This includes user IDs, access tokens, cookies, account credentials, and other critical information tied to Facebook ad management.

ALSO READ | Amid H-1B Row, Elon Musk Wants Twitterati To Be More 'Positive' & 'Beautiful' On X: Here's What Happened

Google Chrome Extensions Attack: What All Do We Know

In a report by Reuters, security expert Jaime Blasco clarified that the cyberattack was not specifically directed at Cyberhaven but appeared to be a random malware injection. Blasco further noted that the malicious code found in the extensions was not exclusive to Cyberhaven-related breaches. The same harmful code was embedded in VPN and AI-related extensions, leading to security breaches across other organisations. These findings highlight the growing risk posed by compromised browser extensions, emphasising the importance of stringent security measures for protecting sensitive user data.

Cyberhaven, a cybersecurity company with a distinguished clientele that includes major names like Snowflake, Motorola, Canon, Reddit, AmeriHealth, and Upstart, recently experienced a security breach. According to a blog post by the company, its Chrome extension fell victim to a hack on December 24. The attack specifically targeted login credentials for certain social media advertising and AI platforms. In addition to Cyberhaven, other Chrome extensions such as ParrotTalks, Uvoice, VPNCity, and 13 others were also compromised.

Cyberhaven emphasised that the incident was both brief and contained. The malicious activity only affected version 24.10.4 of its Chrome extension, and the harmful code remained active for less than a day. The company has yet to disclose the exact number of customers it has informed about the breach. However, it assured users that only Chrome browsers with auto-updates enabled during the short window of the cyberattack were impacted.