Cyberattack: Hackers have recently compromised a range of Chrome extensions used by different companies, with the attacks beginning in mid-December. Among the victims is Cyberhaven, a data protection firm based in California, which confirmed the breach in a statement shared with Reuters on Friday.
Cyberhaven revealed that the cyberattack occurred on Christmas Eve, specifically affecting their Chrome extension. The company indicated that cybersecurity experts have linked this breach to a broader campaign targeting developers of Chrome extensions across various industries.
In their statement, Cyberhaven emphasized that they are actively working with federal law enforcement to investigate the incident. However, the full scope of the attacks and the geographical extent remain unclear at this time.
Chrome extensions are small software programs that enhance users’ web-browsing experience. They are often used to add new features or functionalities to the browser, such as automatically applying coupons on shopping websites. For Cyberhaven, the compromised extension was crucial for monitoring and securing client data as it flowed through web-based applications.
Jaime Blasco, co-founder of Nudge Security based in Austin, Texas, reported discovering several other Chrome extensions that had been hijacked in a similar manner to Cyberhaven’s. One of these extensions was affected as early as mid-December. Blasco noted that many of the targeted extensions were linked to artificial intelligence (AI) tools and virtual private networks (VPNs), hinting at an opportunistic effort by the hackers to gather as much sensitive data as possible.
Blasco also pointed out that the attacks appeared to be random, suggesting that Cyberhaven was likely not a specific target of the hackers. He mentioned, “If I had to guess, this was just random. It seems like an effort to compromise as many extensions as possible.”
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has referred further questions to the affected companies. Alphabet, the parent company of Google, which developed the Chrome browser, has yet to provide a comment on the situation.
This wave of attacks highlights the vulnerabilities that exist in browser extensions, often trusted by users for added convenience. As investigations continue, experts urge users and businesses to be more vigilant about the security of their extensions, especially those that handle sensitive information.