A series of cyberattacks targeting Chrome browser extensions has compromised multiple companies since mid-December, with the campaign reportedly affecting extensions related to data protection, artificial intelligence, and virtual private networks (VPNs).

Cyberhaven Among the Victims

One victim, California-based Cyberhaven, confirmed the breach in a statement to Reuters on Friday.

“Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, affecting our Chrome extension,” the company stated. The attack, according to Cyberhaven and cybersecurity experts, is part of a broader campaign aimed at Chrome extension developers across various industries.

The compromised extension, used by Cyberhaven to secure and monitor client data within web-based applications, underscores the risks these browser add-ons pose when exploited.

A Widespread Campaign

Broader Implications

Jaime Blasco, co-founder of Nudge Security, revealed that Cyberhaven is just one of several affected organizations. Extensions related to artificial intelligence and VPN services were also compromised, hinting at an opportunistic campaign aimed at collecting sensitive data.

“I’m almost certain this is not targeted to Cyberhaven,” Blasco said. “If I had to guess, this was just random.”

Unclear Geographic Scope

The full extent of the campaign remains unclear, but the range of extensions involved suggests the attackers aimed to maximize data collection across industries and users.

Federal and Industry Response

Cyberhaven is cooperating with federal law enforcement, while other affected companies have yet to release statements. The Cybersecurity and Infrastructure Security Agency (CISA) deferred questions to the impacted organizations.

Alphabet Inc., the maker of Chrome, has not responded to requests for comment, leaving unanswered questions about potential vulnerabilities within the browser’s extension ecosystem.

Browser Extensions: Convenience and Risk

Browser extensions are commonly used to enhance user experiences, such as applying coupons to shopping websites or adding productivity tools. However, their ability to access sensitive data makes them attractive targets for hackers.

In this case, the attacks demonstrate the potential scale of harm when malicious actors compromise widely used tools.

This campaign highlights the importance of robust security practices for extension developers and users alike. Regular updates, rigorous vetting processes, and prompt reporting of suspicious activity will be critical in mitigating future risks.
