TLDR: On December 26, 2024, Cyberhaven reported a targeted supply chain attack on their Chrome extension via compromised developer permissions gained through phishing. The attacker injected malicious code into a dozen extensions, aiming to harvest sensitive data (API keys, session cookies) from hundreds of thousands of users, including those of ChatGPT and Facebook. The report details phishing tactics, the compromised extensions, and the adversary's infrastructure, urging users to remove affected extensions and monitor their accounts for suspicious activity.
https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/