Published on 30 Dec 2024
There are reports of an ongoing campaign to steal sensitive information from users of Chrome browser extensions. The compromised extensions have been observed to contain malicious code that could allow an attacker to exfiltrate authenticated sessions and cookies, enabling the attacker to impersonate the victim without requiring a username or password. This allows the attacker to gain unauthorised access to resources, perform actions on the victim's behalf, or escalate their privileges.
As of 30 December, the following Chrome browser extensions have been confirmed to carry malicious code:
While no cases have been reported locally, users of the affected extensions are advised to uninstall them, reset account passwords, clear browser data and reset browser settings to their original defaults before installing a safe version of the extension (if available).
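To find which Chrome profiles on a machine still carry an affected extension before uninstalling it, the on-disk extension folders can be checked against the advisory's ID list. The script below is an added example, not part of the original advisory; the ID in `PLACEHOLDER_AFFECTED_IDS` is a placeholder to be replaced with the published IDs, the sample tree is constructed, and the usual Chrome user data locations (`%LOCALAPPDATA%\Google\Chrome\User Data`, `~/.config/google-chrome`, `~/Library/Application Support/Google/Chrome`) are assumed.

```python
import json
import re
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")

# Placeholder only: replace with the IDs published in the advisory sources.
PLACEHOLDER_AFFECTED_IDS = ["a" * 32]

def installed_extensions(user_data_dir):
    """Yield (profile, ext_id, version, name) for each extension version on disk."""
    for manifest in Path(user_data_dir).glob("*/Extensions/*/*/manifest.json"):
        version_dir = manifest.parent
        ext_id = version_dir.parent.name
        if not EXT_ID.match(ext_id):
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = None
        if not isinstance(data, dict):
            data = {}  # unreadable or malformed manifest: still report the ID
        profile = version_dir.parents[2].name
        # "name" may be a localisation token such as __MSG_appName__.
        yield (profile, ext_id, str(data.get("version", version_dir.name)),
               str(data.get("name", "?")))

def flag_affected(user_data_dir, affected_ids):
    """Return sorted rows for installed extensions whose ID is on the list."""
    affected = {i.strip().lower() for i in affected_ids}
    return sorted(r for r in installed_extensions(user_data_dir) if r[1] in affected)

def build_sample(root):
    """Constructed sample tree: two profiles, three installs, two on the list."""
    samples = [("Default", "a" * 32, "1.0.0", "Sample Affected"),
               ("Default", "b" * 32, "2.3.1", "Sample Clean"),
               ("Profile 1", "a" * 32, "1.0.0", "Sample Affected")]
    for profile, ext_id, version, name in samples:
        d = Path(root) / profile / "Extensions" / ext_id / (version + "_0")
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": name, "version": version}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for row in flag_affected(root, PLACEHOLDER_AFFECTED_IDS):
            print("AFFECTED", *row)
```

Each reported row includes the installed version, so it can be compared with the safe version named by the extension's vendor. Every profile is listed separately because an extension removed from one profile can remain installed in another.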
More information is available here:
https://www.cyberhaven.com/blog/cyberhavens-chrome-extension-security-incident-and-what-were-doing-about-it
https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html
https://secureannex.com/blog/cyberhaven-extension-compromise/