Cyberhaven Chrome extension compromised in targeted attack on December 24, 2024. Attacker accessed employee account, published malicious version (24.10.4) on Chrome Web Store. Detected and removed within 60 minutes on December 25. Users at risk of sensitive data exfiltration. Recommendations: update to version 24.10.5+, rotate passwords, revoke API tokens, and check logs. Extensions on Firefox and Edge unaffected. Cyberhaven engaging Federal Law Enforcement and Mandiant for investigation.