Hackers have successfully compromised the Chrome browser by developing malicious updates to several of its extensions, in the hope of stealing passwords from millions of users around the world.
“Malicious” Chrome update
The American company “Cyberhaven”, which specializes in preventing data loss, said that hackers injected a malicious update into its extension for the Chrome browser that was able to steal users’ passwords and geographic identification codes in a cyber-attack. Security researcher Matt Johansen explained the details during his interview with the “TechCrunch” website on Saturday.
Johansen said the hackers breached the company’s account early on the morning of December 25 to publish a malicious update to its Chrome browser extension that would have accessed sensitive user information, including passwords for certain websites and cookies.
How do I know if I’ve been hacked?
After discovering the breach, Chrome sent a brief email to users whose data was stolen, urging them to change their passwords for certain websites and to revoke other text-based credentials, such as API tokens.
Cyberhaven reassured victims that its security team had removed the malicious update, version 24.10.4, from the Chrome Web Store, and that a new version of the extension, version 24.10.5, would be released shortly after.
Measures to prevent recurrence of the breach
Chrome did not disclose how many of its roughly 400,000 users were compromised by installing the malicious browser update, but it did reassure users that several cybersecurity firms had begun a comprehensive review of its security practices and that it would implement additional safeguards based on the findings to prevent the incident from happening again.
Nudge Security CTO Jaime Blasco said in a post on X that several other Chrome extensions were hacked as part of what appears to be the same campaign, including several with tens of thousands of users, but he is still investigating the attacks and who is behind them.
Blasco believes at this point that there were more extensions that were compromised earlier this year, including some related to artificial intelligence, productivity, and VPNs.