Zum Inhalt der Seite gehen
16 Chrome Extensions attacked in Large-Scale Credential Theft Scheme.

A attack campaign has compromised at least 16 Chrome browser extensions, exposing over 600k users to data & credential theft. This targeted extension publishers through phishing emails that mimicked official communications from the Chrome Web Store.

https://www.cyberhaven.com/blog/cyberhavens-chrome-extension-security-incident-and-what-were-doing-about-it

#google #chrome #it #security #privacy #engineer #media #tech #news
Cyberhaven, a IT-security firm specializing in data loss prevention, was among the impacted firms and the first to publicly disclose its compromise. The attack occurred on December 24 and involved phishing a company employee to gain access to their Chrome Web Store admin credentials. According to Cyberhaven, the attackers compromised the “single admin account for the Google Chrome Store” and managed to publish a malicious update to their popular Chrome extension. This update, deployed on Christmas Day, was designed to steal sensitive user data, including passwords, session tokens, Facebook account credentials and cookies. The malicious extension, version 24.10.4, remained active for over 31 hours before being detected and removed from the Chrome Web Store. “Our security team detected this compromise at 11:54 PM UTC on December 25 and removed the malicious package within 60 minutes,” the company’s disclosure read. Cyberhaven immediately released a legitimate update (version 24.10.5), hired Mandiant to develop an incident response plan and also notified federal law enforcement agencies for investigation. The company has confirmed that its systems, including CI/CD processes and code signing keys, were not compromised.

Cyberhaven’s Chrome extension security incident and what we’re doing about it

Our team has confirmed a malicious cyberattack that occurred on Christmas Eve, affecting Cyberhaven's Chrome extension.
www.cyberhaven.com
#news #privacy #google #tech #media #security #it #chrome #engineer