If you love to clog up your Chrome browser with multiple extensions, you'd better be careful and check how each one works. Or better yet, disable them, at least for now. That's because several companies suffered heavy attacks from cybercriminals on Christmas morning, December 25, when everyone was still eating leftovers from the night before.
The first company to report the malicious endeavor was the data protection startup — how ironic — Cyberhaven. This Friday (27), the company confirmed the cyberattack “affecting our Chrome extension”.
The company also cited public comments from cybersecurity experts, who suggested the attack was “part of a broader campaign to target Chrome extension developers across a wide range of companies”.
Well, as you know, browser extensions are typically used to personalize your browsing experiences, for example, by automatically applying coupons to shopping sites. In Cyberhaven's case, the Chrome add-on was used to help the company monitor and protect customer data flowing through web-based applications.
Cyberhaven declined to say what the extent of the problems was, and there is no estimate of the geographic extent or number of people or machines affected. However, it added that it is “actively cooperating with federal authorities.” It is worth noting that the company has more than 400,000 registered customers.
Jaime Blasco, co-founder of Nudge Security, said he had detected several other Chrome extensions that had been hijacked in the same way as Cyberhaven’s. At least one appears to have been hit in mid-December. Blasco said the other affected extensions included those related to artificial intelligence and virtual private networks, and pointed to an opportunistic effort to hoover up sensitive data using as many compromised extensions as possible.
“I am fairly certain this is not targeted at Cyberhaven,” Blasco said. “If I had to guess, this was just random.”
The U.S. cyber watchdog CISA referred questions to the companies involved. A message seeking comment from Alphabet, which makes the Chrome browser, was not immediately returned.