Hackers hijack a wide range of companies’ Chrome extensions: experts
Hackers have compromised several different companies’ Chrome browser extensions in a series of intrusions dating back to mid-December, according to one of the victims and experts who have examined the campaign.
Among the victims was the California-based Cyberhaven, a data protection company that confirmed the breach in a statement to Reuters on Friday (Dec 27).
“Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, affecting our Chrome extension,” the statement said. It cited public comments from cybersecurity experts. These comments, said Cyberhaven, suggested that the attack was “part of a wider campaign to target Chrome extension developers across a wide range of companies”.
Cyberhaven added: “We are actively cooperating with federal law enforcement.”
The geographical extent of the hacks was not immediately clear.
Browser extensions are typically used by Internet users to customise their Web-browsing experiences, for example by automatically applying coupons to shopping websites. In Cyberhaven’s case, the Chrome extension was used to help the company monitor and secure client data flowing across Web-based applications.
Jaime Blasco, co-founder of Austin, Texas-based Nudge Security, said he had spotted several other Chrome extensions that had been subverted in the same way as Cyberhaven’s. At least one appeared to have been hit in mid-December.
Blasco said the other affected extensions included ones related to artificial intelligence and virtual private networks. He said that suggested an opportunistic effort to vacuum up sensitive data using as many compromised extensions as possible.
“I’m almost certain this is not targeted to Cyberhaven,” Blasco said. “If I had to guess, this was just random.”
The US cyber watchdog CISA referred questions to the companies involved. A message seeking comment from Alphabet, which makes the Chrome browser, was not immediately returned. REUTERS