Chrome Extension Hack: What You Need to Know

A new cyberattack campaign has targeted Chrome browser extensions, compromising at least 16 extensions, affecting over 600,000 users, and exposing sensitive data such as login credentials. The attackers exploited access permissions to inject malicious code into legitimate extensions, revealing a growing cybersecurity threat in the browser extension ecosystem.

How the Attack Happened: Phishing and Malicious Code Injection

The cyberattack began with a phishing campaign targeting publishers of Chrome extensions. Cyberhaven, a cybersecurity firm, was the first victim. On December 24, one of their employees fell for a phishing email that seemed to come from Google Chrome Web Store Developer Support. The email created a sense of urgency, falsely claiming that their extension would be removed for violating Developer Program Policies. This email was the first step in the attack.

After clicking a link in the email, the employee was redirected to a malicious OAuth application named “Privacy Policy Extension.” Authorizing it gave the attackers the permissions they needed to upload a compromised version of the extension to the Chrome Web Store, where it passed security reviews before going live. Because the malicious version was disguised as a legitimate update, it raised the risk of further attacks.

The Scope of the Chrome Extension Attack

Once the malicious extension went live, it connected to a command-and-control (C&C) server at cyberhavenext[.]pro, allowing attackers to download configuration files and steal sensitive user data. Over the next few days, security researchers identified more compromised extensions tied to the same campaign. These included:

  • AI Assistant – ChatGPT and Gemini for Chrome
  • Bard AI Chat Extension
  • VPNCity
  • TinaMind AI Assistant
  • Wayin AI
  • Castorus

These extensions stole cookies, identity tokens, or user credentials. At least 16 extensions were compromised, raising significant concerns for both individual users and businesses that rely on browser extensions, and leaving a large portion of affected users exposed to security risks.

Security Concerns: Why Browser Extensions Are a Vulnerability

Browser extensions often request broad permissions to access sensitive data, such as cookies and access tokens, making them an attractive target for cybercriminals. Many organizations are unaware of which extensions are installed on their devices, leaving them vulnerable to security breaches. The recent Chrome extension hack highlights this risk.

Or Eshed, CEO of LayerX Security, explained, “Browser extensions are often overlooked in terms of security, but they can access highly sensitive data. Organizations should regularly review their installed extensions to reduce exposure.” Regularly reviewing extensions is a proactive measure to prevent Chrome extension hacks.

What You Can Do to Protect Your Organization

Even though the malicious extensions have been removed from the Chrome Web Store, users who have already installed them remain at risk. As long as these extensions stay active on devices, attackers can continue to steal data. To safeguard your business against potential Chrome extension hack threats, stay vigilant and take action.

Here are key steps to protect your organization and ensure online security:

  1. Review your browser extensions regularly to identify risks.
  2. Remove unused or unnecessary extensions to minimize vulnerabilities.
  3. Educate employees about phishing and the dangers of granting excessive permissions. This reduces the chances of a successful Chrome extension hack.
  4. Use anti-malware and endpoint protection tools to detect compromised extensions quickly.
  5. Implement a Zero Trust security model to limit the damage a compromised extension can cause.
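
One way to carry out step 1, as an added example (not code from the article or from any vendor named in it): a Python script that inventories the extensions in a Chrome profile and ranks them by the sensitive permissions they request. It assumes Chrome's on-disk layout of `Extensions/<extension id>/<version>/manifest.json`; the set of permissions treated as sensitive is an illustrative choice, and the sample IDs and names are constructed.

```python
import json
import sys
import tempfile
from pathlib import Path

# Assumed review criteria: APIs and host patterns that expose cookies, tokens or page content.
SENSITIVE = {"cookies", "webRequest", "scripting", "tabs", "history"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def risky_permissions(manifest):
    """Sensitive API and broad host permissions requested (MV2 keeps hosts in 'permissions')."""
    requested = []
    for key in ("permissions", "host_permissions", "optional_permissions"):
        requested += [p for p in (manifest.get(key) or []) if isinstance(p, str)]
    return sorted({p for p in requested if p in SENSITIVE or p in BROAD_HOSTS})

def audit(extensions_dir):
    """Read every <extension id>/<version>/manifest.json under extensions_dir."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, keep auditing
        if not isinstance(manifest, dict):
            continue
        findings.append({"id": path.parent.parent.name,
                         "name": manifest.get("name", "?"),
                         "version": manifest.get("version", "?"),
                         "risky": risky_permissions(manifest)})
    # Most-privileged extensions first, so review starts with the highest exposure.
    return sorted(findings, key=lambda f: -len(f["risky"]))

# Constructed sample manifests (hypothetical IDs and names, not real extensions).
SAMPLE = {
    "a" * 32 + "/1.2.0_0": {"name": "Example AI Helper", "version": "1.2.0",
                            "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]},
    "b" * 32 + "/0.9_0": {"name": "Example Notes", "version": "0.9", "permissions": ["storage"]},
}

def write_sample(root):
    for rel, manifest in SAMPLE.items():
        (Path(root) / rel).mkdir(parents=True)
        (Path(root) / rel / "manifest.json").write_text(json.dumps(manifest))

if __name__ == "__main__":  # pass an Extensions directory, or run on the sample
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else (write_sample(tmp) or tmp)
        for f in audit(target):
            print(f["id"], f["name"], f["version"], ", ".join(f["risky"]) or "-", sep="\t")
```

On Linux, Chrome's default profile keeps this directory at `~/.config/google-chrome/Default/Extensions`. Extensions with localized names show a `__MSG_...__` placeholder in the name column, so match on the extension ID when comparing against a published list of compromised extensions.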

Ongoing Investigation and the Future of Browser Extension Security

While the attackers remain unidentified, the sophistication of this cyberattack emphasizes the need to prioritize browser extension security. Cybersecurity experts continue to investigate, and businesses must stay vigilant against similar threats to prevent another Chrome extension hack.


References

Eshed, O. (2025, January 10). Chrome extension cyberattack: A growing threat to your data. Cybersecurity News. Retrieved from www.cybersecuritynews.com

Tuckner, J. (2025, January 10). Investigating a large-scale cyberattack on browser extensions. Hacker News. Retrieved from www.thehackernews.com
