Hackers Target Multiple Companies’ Chrome Extensions in Widespread Campaign

Hackers have compromised a variety of companies’ Chrome browser extensions in a series of cyberattacks that began in mid-December, according to affected firms and cybersecurity experts. One confirmed victim, Cyberhaven, a California-based data protection company, revealed the breach in a statement to Reuters on Friday.

“Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, affecting our Chrome extension,” the company said. It referenced cybersecurity experts’ findings, which indicated the breach was part of a broader campaign targeting Chrome extension developers across multiple organizations. The company also confirmed it is cooperating with federal law enforcement authorities in its investigation.

Browser extensions, often used to enhance user experience through features like auto-applying coupons or improving data management, were exploited in this campaign to compromise sensitive data. Cyberhaven’s Chrome extension is specifically designed to help monitor and secure client data across web-based applications.

Jaime Blasco, cofounder of Nudge Security in Austin, Texas, noted that Cyberhaven is not an isolated case. He identified several other compromised extensions, some impacted as early as mid-December. These included extensions related to artificial intelligence and virtual private networks (VPNs), suggesting an opportunistic approach aimed at collecting as much sensitive data as possible from a wide range of sources.

Blasco said, “I’m almost certain this is not targeted to Cyberhaven. If I had to guess, this was just random.”

The geographical reach of the campaign remains unclear. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) declined to comment, referring inquiries to the affected companies. Alphabet, the parent company of Google and maker of the Chrome browser, did not immediately respond to requests for comment.

This incident highlights the vulnerabilities associated with browser extensions and the potential for malicious actors to exploit them for broad data collection efforts. Experts urge developers and users alike to exercise caution and maintain robust security measures for extensions to prevent similar breaches.