To Acquire User Passwords, A Cyber Firm’s Chrome Extension Was Taken Over

Data-loss prevention company Cyberhaven says hackers released a malicious update to its Chrome extension that was able to collect session tokens and client passwords, according to an email sent to impacted customers who might have been the targets of this suspected supply-chain attack.
Although Cyberhaven declined to comment on the incident’s specifics, the company confirmed the cyberattack on Friday.
According to the company's email to customers, which security researcher Matt Johansen obtained and published, the hackers used a company account to release a malicious update to the Chrome extension early on December 25.
For customers using the hacked browser extension, the email said, “It is possible for sensitive information, including authenticated sessions and cookies, to be exfiltrated to the attacker’s domain.”
Cameron Coles, a spokesman at Cyberhaven, did not contest the email’s legitimacy but declined to comment.
Cyberhaven said in a brief email that its security team discovered the intrusion on the afternoon of December 25, after which the malicious extension (version 24.10.4) was taken down from the Chrome Web Store. Soon after, a new, authentic version of the extension (24.10.5) was made available.
Cyberhaven sells technologies that it claims guard against data exfiltration and other intrusions, including browser extensions that let the company keep an eye out for potentially harmful activity on websites. As of this writing, the Cyberhaven extension has about 400,000 business customer users, according to the Chrome Web Store.