California, U.S. – Several companies have fallen victim to a series of cyberattacks compromising their Chrome browser extensions, with the first known incidents dating back to mid-December.
One of the victims, California-based data protection company Cyberhaven, confirmed that their Chrome extension was affected by a malicious cyberattack on Christmas Eve.
The company stated that the breach was part of a broader campaign targeting a range of Chrome extension developers across multiple industries.
Cyberhaven has confirmed it is cooperating with federal law enforcement agencies in response to the attack. While the full geographical scope of the hacks remains unclear, experts suggest the campaign was widespread.
Browser extensions, which are commonly used by internet users to enhance their browsing experience, have proven to be an effective target for cybercriminals. In Cyberhaven’s case, the compromised extension was designed to monitor and secure client data flowing across web applications.
Jaime Blasco, cofounder of Nudge Security, identified other affected extensions related to artificial intelligence and virtual private networks (VPNs). This suggests that the attackers were engaging in a broad, opportunistic effort to gather sensitive data.
Blasco indicated that while Cyberhaven was a victim, the attack did not appear to be specifically targeted at the company, noting that it seemed like a random selection of compromised extensions.
The Cybersecurity and Infrastructure Security Agency (CISA) has referred questions about the incident to the affected companies, while Google, the maker of the Chrome browser, has yet to respond to requests for comment.
