Google Chrome Extensions Targeted in Christmas Eve Cyberattack
A recent cyberattack on Google Chrome extensions has exposed sensitive user data, raising concerns about online security. Cyberhaven, a data loss prevention company, confirmed that its Chrome extension was compromised, potentially leaking user passwords and session tokens.
What Happened During the Attack?
The attack began with a phishing email that tricked a Cyberhaven employee into sharing their credentials. This allowed the attacker to gain access to the company’s Google Chrome Web Store credentials.
The malicious version of the extension, version 24.10.4, was uploaded to the marketplace and remained active from December 25, 1:32 AM UTC, to December 26, 2:50 AM UTC. Chrome-based browsers that auto-updated during this period were affected.
How Was the Breach Detected?
Cyberhaven’s security team identified the breach on Christmas Day at 11:54 PM UTC. The compromised extension was removed within an hour. Howard Ting, the CEO of Cyberhaven, praised the swift response of the team, noting their dedication despite the holiday.
What Data Was Compromised?
While no core systems, like CI/CD processes or code signing keys, were affected, user cookies and authenticated sessions for certain websites may have been stolen. This could potentially expose sensitive accounts to unauthorized access.
Steps to Protect Yourself
To safeguard your data, Cyberhaven advises users to follow these essential security measures:
- Update Your Extensions
Ensure your Google Chrome extensions are updated to version 24.10.5 or newer. - Review Activity Logs
Check for suspicious activity in your account logs. - Change Passwords
Revoke or rotate all passwords, especially if they are not protected by FIDOv2 authentication. - Stay Vigilant Against Phishing
Avoid clicking on suspicious emails and links, and verify the sender’s authenticity.
Final Thoughts
This attack highlights the importance of maintaining robust cybersecurity practices. Keeping extensions updated and staying vigilant against phishing attempts are crucial steps to protect your online accounts.
By following these precautions, users can mitigate risks and ensure their data remains secure. Always prioritize internet hygiene to stay safe in an ever-evolving digital landscape.
