Massive Chrome Extension Hack Compromises Data of 600,000+ Users

A major security breach has hit the Chrome Web Store, with hackers compromising 16 popular browser extensions and potentially exposing sensitive data of more than 600,000 users. The attack targeted extension publishers through sophisticated phishing campaigns, allowing criminals to inject malicious code into legitimate extensions.

Cybersecurity firm Cyberhaven first revealed the breach on December 27, after discovering that attackers had modified its Chrome extension to communicate with a suspicious command and control server at cyberhavenext[.]pro. The compromised extension could download additional files and steal user data.

The investigation quickly uncovered 15 other affected extensions, including popular tools like:

  • AI Assistant for Chrome
  • Bard AI Chat Extension
  • GPT 4 Summary
  • Copilot AI Assistant
  • VPNCity
  • Several video and bookmark management tools

The malicious code specifically targeted Facebook business accounts, stealing identity data and access tokens. While Cyberhaven removed its compromised extension within 24 hours, security experts warn that users with older versions installed remain at risk.

"Browser extensions are the soft underbelly of web security," notes Or Eshed, CEO of LayerX Security. He explains that many organizations underestimate the extensive permissions granted to extensions, which can access sensitive data like cookies and identity information.

The sophisticated nature of this attack has raised alarms in the cybersecurity community. While some compromised extensions have been updated or removed from the Chrome Web Store, security researchers continue searching for additional affected tools.

This incident serves as a stark reminder for users and organizations to regularly review their browser extensions and their associated permissions. Users of any affected extensions should immediately update or remove them to protect their data.
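One way to carry out the review recommended above, as an added example that is not part of the original article: a Python audit that walks a Chrome profile's `Extensions` directory and lists each installed extension's version and high-risk grants. The set of permissions treated as risky and the directory passed on the command line are assumptions of this example.

```python
import json
import sys
from pathlib import Path

# Grants that expose cookies, tokens or page content (this selection is an assumption).
RISKY_API = {"cookies", "webRequest", "tabs", "scripting", "debugger", "history"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def assess_manifest(manifest):
    """Return the sorted list of risky grants declared in one manifest dict."""
    declared = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts also gain page access through their match patterns.
    for script in manifest.get("content_scripts", []):
        declared.update(script.get("matches", []))
    findings = {p for p in declared if p in RISKY_API}
    findings |= {"broad-host:" + p for p in declared if p in BROAD_HOSTS}
    return sorted(findings)


def audit_profile(extensions_dir):
    """Walk <Extensions>/<id>/<version>/manifest.json and report every install."""
    report = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        entry = {"id": path.parent.parent.name, "name": "?", "version": "?"}
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            entry["name"] = manifest.get("name", "?")
            entry["version"] = manifest.get("version", "?")
            entry["risky"] = assess_manifest(manifest)
        except (OSError, ValueError):
            # A manifest that cannot be parsed is itself worth a manual look.
            entry["risky"] = ["unreadable-manifest"]
        report.append(entry)
    return report


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_extensions.py <path to profile's Extensions directory>")
    for e in audit_profile(sys.argv[1]):
        flag = "REVIEW" if e["risky"] else "ok"
        print(f'{flag:6} {e["id"]} {e["name"]} {e["version"]} {e["risky"]}')
```

The reported version lets you confirm whether an extension named in an advisory is still installed at an older release; localized names appear as `__MSG_...__` placeholders, so match on the extension ID.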