Chrome Extensions Hacked in Widespread Cyberattack

By Raphael Satter and AJ Vicens

Hackers have compromised several companies’ Chrome browser extensions in a series of intrusions dating back to mid-December, according to reports from victims and cybersecurity experts.

One of the victims, California-based Cyberhaven, a data protection company, confirmed the breach in a statement to Reuters on Friday:

> “Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, affecting our Chrome extension.”
> The statement cited public comments from cybersecurity experts, suggesting the attack is part of a wider campaign targeting Chrome extension developers across various companies.

Cyberhaven added, “We are actively cooperating with federal law enforcement.”

The geographical extent of the hacks remains unclear. Browser extensions are often used to customize web browsing experiences, such as automatically applying coupons on shopping websites. In Cyberhaven’s case, the Chrome extension was designed to help monitor and protect client data flowing through web-based applications.

Jaime Blasco, cofounder of Austin, Texas-based Nudge Security, noted that he observed several other Chrome extensions similarly compromised. At least one of these was affected in mid-December.

Blasco mentioned other affected extensions related to artificial intelligence and virtual private networks, indicating an opportunistic effort to harvest sensitive data through as many compromised extensions as possible.

“I’m almost certain this is not targeted to Cyberhaven,” Blasco said. “If I had to guess, this was just random.”

The U.S. cyber watchdog CISA has referred inquiries to the companies involved, and a request for comment from Alphabet (NASDAQ: GOOGL), which produces the Chrome browser, went unanswered.