Hackers have infiltrated a range of companies’ Chrome browser extensions in a series of attacks dating back to mid-December, experts and one victim confirmed. Among the affected organizations is California-based data protection company Cyberhaven, which confirmed the breach in a statement to Reuters on Friday (Washington local time).
“Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, impacting our Chrome extension,” the company said. It referenced public remarks from cybersecurity experts who indicated that the attack was part of a broader campaign targeting Chrome extension developers across multiple companies.
Cyberhaven added, "We are actively cooperating with federal law enforcement." The full extent of the geographical impact of the hacks remains unclear.
Browser extensions, which customize users' web experiences, are commonly used for tasks like automatically applying coupons during online shopping. In Cyberhaven’s case, its Chrome extension was designed to monitor and secure client data in web-based applications.
Jaime Blasco, cofounder of Nudge Security in Austin, Texas, noted that several other Chrome extensions had been similarly compromised, with at least one attack occurring in mid-December. Extensions related to artificial intelligence and virtual private networks were among those affected, suggesting an opportunistic effort to harvest sensitive data through multiple subverted extensions.
"I’m almost certain this was not targeted specifically at Cyberhaven," Blasco said. "This seems like a random attack on as many extensions as possible."
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has referred inquiries to the affected companies. A request for comment from Alphabet, the parent company of Chrome, was not immediately returned.
Bd-pratidin English/ Jisan