Windows Defender Improves Detection of Malicious Chrome Extensions
/ 1 min read
🔍 Windows Defender enhances detection of malicious Chrome extensions following Cyberhaven attack. The recent Cyberhaven Extension attack has prompted users to check for specific Chrome extensions, with Windows Defender now automatically cataloging installed extensions through its enhanced vulnerability management feature. Users can also perform Hunt Queries on the DeviceTvmBrowserExtensions table to identify malicious extensions using their Chrome Extension IDs. For those without this feature, searching for the extension ID in the folder name can help locate threats. A detailed query is provided to detect the malicious version 1.5.7, and affected users are advised to reset passwords for sensitive accounts accessed during the attack. Further resources and indicators of compromise (IOCs) are available for additional guidance.
