Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Over 600,000 users exposed in Chrome hack: Are you one of them?

The cybersecurity firm Cyberhaven was the first known victim, with an employee falling for a phishing attack on December 24

byKerem Gülen
December 30, 2024
in News, Cybersecurity
Home News
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

A recent attack campaign compromised 16 Chrome browser extensions, exposing over 600,000 users to potential data theft and credential compromise. The campaign targeted publishers via phishing, allowing attackers to inject malicious code into legitimate extensions.

Chrome extensions hacked: Over 600,000 users exposed

The cybersecurity firm Cyberhaven was the first known victim, with an employee falling for a phishing attack on December 24. This breach enabled attackers to publish a malicious version of Cyberhaven’s extension. On December 27, Cyberhaven confirmed that the extension was compromised, and malicious code had been injected to interact with an external command-and-control (C&C) server at cyberhavenext[.]pro.

The phishing email, disguised as a communication from Google Chrome Web Store Developer Support, created a false sense of urgency, claiming the recipient’s extension was at risk of removal due to policy violations. Clicking the link led them to a malicious OAuth application called “Privacy Policy Extension,” which gained the necessary permissions to upload a malicious version of the extension.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

After the Cyberhaven breach, researchers identified additional compromised extensions linked to the same C&C server, including AI Assistant – ChatGPT and Gemini for Chrome, VPNCity, and several others. John Tuckner, founder of Secure Annex, told The Hacker News that the attack campaign might date back to April 5, 2023.

Tuckner’s investigation connected the Cyberhaven and related attacks through shared malicious code in the “Reader Mode” extension. Some compromised extensions targeted Facebook accounts, specifically within Facebook Ads, aiming to exfiltrate cookies and access tokens.

Cyberhaven reported that the malicious extension was removed about 24 hours after it went live. However, it is warned that malicious code could still retrieve data from users who installed the compromised version before it was removed. Security teams continue to investigate other exposed extensions within this broader campaign.

Google Chrome two-factor authentication vulnerability

As the Cyberhaven breach unfolded, it revealed significant vulnerabilities, including the potential for hackers to bypass two-factor authentication protections. Cyberhaven confirmed that the attack specifically targeted logins to social media advertising and AI platforms.

The breach began with a phishing attack compromising an employee’s Google credentials, allowing the attacker to upload a malicious extension. Howard Ting, CEO of Cyberhaven, confirmed their team detected the malicious extension shortly after it went live on December 25 and removed it within an hour.

The compromised version affected only users who had auto-updated Chrome during the window when the malicious code was live. Cyberhaven took swift action, notifying customers and deploying a secure version of the extension.

Cyberhaven advised affected users to verify that they had updated their extension, revoke and rotate passwords that were not FIDOv2 compliant, and to review logs for suspicious activity. They have engaged external security firms to perform forensic analysis and are cooperating with law enforcement as part of their response to the breach.

Cyberhaven has reaffirmed its commitment to transparency and ongoing security improvements in light of the incident.


Featured image credit: Kerem Gülen/Midjourney

Tags: chromeCybersecurityFeatured

Related Posts

OpenAI retires Atlas browser to focus on new ChatGPT superapp

OpenAI retires Atlas browser to focus on new ChatGPT superapp

July 14, 2026
Microsoft tests Copilot’s new PC insights feature in Windows 11

Microsoft tests Copilot’s new PC insights feature in Windows 11

July 14, 2026
Xiaomi unveils SkyNomad N90 range-extender SUV

Xiaomi unveils SkyNomad N90 range-extender SUV

July 14, 2026
X algorithm update aims to make replies feel friendlier

X algorithm update aims to make replies feel friendlier

July 14, 2026
Windows 11 Search Box gets less clutter and more control

Windows 11 Search Box gets less clutter and more control

July 14, 2026
Pixel 11 leak shows bold magenta and peach colors

Pixel 11 leak shows bold magenta and peach colors

July 14, 2026

LATEST NEWS

OpenAI retires Atlas browser to focus on new ChatGPT superapp

Microsoft tests Copilot’s new PC insights feature in Windows 11

Xiaomi unveils SkyNomad N90 range-extender SUV

X algorithm update aims to make replies feel friendlier

Windows 11 Search Box gets less clutter and more control

Pixel 11 leak shows bold magenta and peach colors

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Mootion

Legacy AI

Copyseeker

ProPhotos

Kuki AI

Create

RemodelAI

AItwitch

Vadoo AI

Greptile AI

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.