A sophisticated supply chain attack has compromised numerous Chrome browser extensions, exposing millions of users to data theft and credential harvesting. This alarming development highlights the growing risks associated with browser extensions and their potential exploitation by cybercriminals.
The attack, discovered by cybersecurity firm Cyberhaven, and has been investigating it since December 26, 2024 and revealed that the attacker’s infrastructure has been active since March 2024. The attack involved at least 35 compromised Chrome extensions and threat actors have been using phishing emails to deceive extension developers into authorizing a malicious OAuth application. This allowed attackers to inject malicious code into legitimate extensions, which were then distributed through the Chrome Web Store. The compromised extensions targeted sensitive user data, including API keys, session cookies, and authentication tokens from services like Facebook Business and OpenAI.
Users are advised to update or remove affected extensions, revoke exposed credentials, and monitor their accounts for suspicious activity. Developers are also encouraged by cybersecurity experts to enhance security measures, such as implementing stricter access controls and increasing awareness of phishing tactics.
#CyTech #cybernews #cybersecurity #ciso #cisoworkplace #supplychain #SupplyChainAttack #chrome #ChromeExtension
Leave a Reply