Several companies’ Google Chrome browser extensions have been hacked, which appears to be a coordinated attack against Chrome extension developers. Over 36 Chrome extensions have been confirmed to be compromised, impacting at least 2.6 million users whose data and credentials could be at risk for theft. Data protection company Cyberhaven confirmed to Reuters that its Chrome browser extension was one of the targets.
“Our team has confirmed a malicious cyberattack that occurred on Christmas Eve, affecting Cyberhaven’s Chrome extension. Public reports suggest this attack was part of a wider campaign to target Chrome extension developers across a wide range of companies,” an official statement from Cyberhaven reads.
The company found that only a single version of its Chrome browser extension was affected, 24.10.4, and only extensions that were auto-updated during 1:32 AM UTC on December 25 and 2:50 AM UTC on December 26 were impacted.
However, browsers running the compromised extension could have exfiltrated cookies and authenticated sessions for targeted websites.
Cyberhaven researchers believe that the hackers responsible were targeting specific social media and AI platforms.
Dozens of Google Chrome browser extensions affected
Cybersecurity researchers with Nudge Security and reporting from The Hacker News uncovered additional affected extensions by identifying domains resolving to the same command and control (C&C) servers used in the Cyberhaven extension hack.
The list of compromised Google Chrome browser extensions includes:
- AI Assistant – ChatGPT and Gemini for Chrome
- Bard AI Chat Extension
- GPT 4 Summary with OpenAI
- Search Copilot AI Assistant for Chrome
- TinaMInd AI Assistant
- Wayin AI
- VPNCity
- Internxt VPN
- Vidnoz Flex Video Recorder
- VidHelper Video Downloader
- Bookmark Favicon Changer
- Castorus
- Uvoice
- Reader Mode
- Parrot Talks
- Primus
- Tackker – online keylogger tool
- AI Shop Buddy
- Sort by Oldest
- Rewards Search Automator
- ChatGPT Assistant – Smart Search
- Keyboard History Recorder
- Email Hunter
- Visual Effects for Google Meet
- Earny – Up to 20% Cash Back
- Where is Cookie?
- Web Mirror
- ChatGPT App
- Hi AI
- Web3Password Manager
- YesCaptcha assistant
- Bookmark Favicon Changer
- Proxy SwitchyOmega (V3)
- GraphQL Network Inspector
- ChatGPT for Google Meet
- GPT 4 Summary with OpenAI
Credit to The Hacker News and Nudge Security for the list of affected extensions. This list will be updated accordingly.
The hack highlights the security challenges of browser management, as third-party extensions can be compromised or weaponized for data exfiltration. Organizations without proper enterprise browser management or zero trust cybersecurity policies are at greater risk, as extensions can be an unmonitored attack vector.
Disclaimer: The author of this article is a current employee of Google. This article does not represent the views or opinions of his employer and is not meant to be an official statement for Google, Google Cloud, or the Alphabet holding company.
