- I tested a Pixel Tablet without any Google apps, and it's more private than even my iPad
- My search for the best MacBook docking station is over. This one can power it all
- This $500 Motorola proves you don't need to spend more on flagship phones
- Finally, budget wireless earbuds that I wouldn't mind putting my AirPods away for
- I replaced my Linux system with this $200 Windows mini PC - and it left me impressed
Dozens of Chrome Browser Extensions Hijacked by Data Thieves
Security researchers have warned users of Google Chrome extensions to be on their guard after uncovering a major campaign focused on data theft.
At least 36 compromised Chrome extensions have been detected to date, potentially exposing as many as 2.6 million end users, according to ExtensionTotal.
The campaign first came to light in late December, when the extension for cybersecurity startup Cyberhaven was hijacked, putting at risk its 400,000 users.
According to ExtensionTotal, a Cyberhaven admin was phished on December 24, after receiving an email stating that the firm’s extension violated Google’s policies and was in danger of being removed from the Chrome Web Store.
Read more on extension threats: Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts
“Clicking on the email led the admin to a Google consent screen, requesting permission for an OAuth application named Privacy Policy Extension,” ExtensionTotal explained.
“This application was actually a tool controlled by the attacker. By granting permission, the admin unknowingly gave the attacker the ability to upload new versions of Cyberhaven’s Chrome extension to the Web Store.”
The hackers subsequently uploaded a malicious version of the extension designed to steal users’ passwords, cookies and other information that could enable account takeovers. The malicious code managed to bypass Google’s security checks.
Developers Beware
Security vendor SquareX said extensions are an increasingly popular way for threat actors to gain initial access, because most corporate IT teams don’t control what their users install. Even if they do, few IT admins monitor subsequent updates to an allow-listed extension, it added.
Additionally, large numbers of developers are easy to target, as their emails are often publicly listed on the Chrome Store for bug reporting, it added.
SquareX founder, Vivek Ramachandran, claimed his firm has seen similar attacks designed to steal data from apps like Google Drive and OneDrive, and warned that threat actors will get “more creative” still with future campaigns.
“Identity attacks targeting browser extensions similar to this OAuth attack will only become more prevalent as employees rely on more browser-based tools to be productive at work,” he argued.
“Companies need to remain vigilant and minimize their supply chain risk without hampering employee productivity by equipping them with the right browser native tools.”
Image credit: CHERRY.JUICE / Shutterstock.com
