Chrome Extensions Compromised in Phishing Attack
/ 1 min read
🦠 Multiple Chrome extensions compromised in coordinated attack. A coordinated phishing attack led to the compromise of at least five Chrome extensions, including a malicious version of the Cyberhaven extension that was published after a hacker gained access to an administrator’s account. The malicious code was designed to exfiltrate sensitive user data, including authenticated sessions and cookies. Cyberhaven quickly removed the malicious extension and released a clean version shortly after the breach was detected. Following this incident, security researcher Jaime Blasco identified additional affected extensions, urging users to either update to safe versions or uninstall them entirely. Users are also advised to reset passwords and review browser logs for any suspicious activity.
