CyberSecurity news


Rounak Jain@feeds.benzinga.com //
Security firm SquareX exposed a significant vulnerability in the OAuth implementation of Google Chrome extensions just days before a major breach occurred. The flaw allowed malicious actors to inject harmful code into extensions using a sophisticated phishing campaign. This campaign involved emails disguised as Chrome Store notifications regarding policy violations, prompting developers to connect their Google account to a fake "Privacy Policy Extension". This fake extension, in turn, granted attackers the ability to edit, update, and publish extensions on the developer's account, effectively hijacking them.

The identified attack vector was demonstrated by SquareX researchers in a video just before a malicious version of Cyberhaven’s browser extension was found on the Chrome store. This malicious extension was available for over 30 hours and affected over 400,000 users before it was removed by Cyberhaven. The incident highlights the increasing risk that browser extensions pose, as most organizations don't monitor what extensions their employees are using, making them a common target for cybercriminals.


Classification:
  • HashTags: #ChromeExtension #ZeroDay #OAuthAttack
  • Company: Google
  • Target: Chrome users
  • Product: Chrome Extensions
  • Feature: OAuth
  • Type: 0Day
  • Severity: Major