chrome extensions

New Syncjacking Attack Hijacks Devices Using Chrome Extensions

A new Syncjacking attack exploits benign Chrome extensions to hijack devices via Google profile and browser takeover. Attackers create a malicious Google Workspace domain, trick victims into installing an extension, and gain access to their data after syncing. They then extend their control through a fake Zoom update, which gives them extensive control over the victim's browser and files while remaining stealthy and requiring minimal user interaction.

https://www.bleepingcomputer.com/news/security/new-syncjacking-attack-hijacks-devices-using-chrome-extensions/

Targeted Supply Chain Attack Against Chrome Browser Extensions

TLDR: On December 26, 2024, Cyberhaven reported a targeted supply chain attack on their Chrome extension via compromised developer permissions gained through phishing. The attacker injected malicious code into a dozen extensions, aiming to harvest sensitive data (API keys, session cookies) from hundreds of thousands of users, including those of ChatGPT and Facebook. The report details phishing tactics, the compromised extensions, and the adversary's infrastructure, urging users to remove affected extensions and monitor their accounts for suspicious activity.

https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/

How to Defend Against Hijacking and Trojanization of Chrome Extensions

Legitimate Chrome extensions are stealing Facebook passwords via a sophisticated multi-stage attack. Cybercriminals compromised popular extensions, resulting in trojan updates that harvested user data and credentials for Meta services, allowing attackers to misuse business accounts for ad placements. Developers were tricked into authorizing malicious updates through phishing attempts disguised as Google alerts. Users with infected extensions were at risk of losing sensitive information, prompting urgent advice to uninstall compromised updates and reset passwords. This incident highlights the dangers of supply-chain attacks and the need for stronger security measures in extension management.

https://www.kaspersky.com/blog/chrome-extension-malicious-updates-and-mitigations/52871/

Cyberhaven Chrome Extension Compromised in Targeted Attack

The Cyberhaven Chrome extension was compromised in a targeted attack on December 24, 2024. An attacker accessed an employee account and published a malicious version (24.10.4) on the Chrome Web Store. It was detected and removed within 60 minutes on December 25. Users are at risk of sensitive data exfiltration. Recommendations: update to version 24.10.5+, rotate passwords, revoke API tokens, and check logs. Extensions on Firefox and Edge are unaffected. Cyberhaven is engaging federal law enforcement and Mandiant for the investigation.
