Hackers have breached the Chrome browser extensions of several companies in a wave of cyberattacks that began in mid-December, according to cybersecurity experts and one of the affected organizations.
California-based data protection company Cyberhaven confirmed that its Chrome extension was compromised during a cyberattack on Christmas Eve. In a statement to Reuters, Cyberhaven said the intrusion is part of a broader campaign targeting Chrome extension developers across multiple organizations.
“We are actively cooperating with federal law enforcement to address the issue,” Cyberhaven stated.
The attacks’ geographical scope remains unclear.
Browser extensions, commonly used to enhance user experience—such as applying discounts on e-commerce sites—were exploited in these hacks. Cyberhaven’s Chrome extension is specifically designed to monitor and secure client data across web-based applications.
Jaime Blasco, co-founder of Nudge Security in Austin, Texas, revealed that additional Chrome extensions, including those related to artificial intelligence and virtual private networks, were also compromised in similar attacks starting mid-December.
“This doesn’t seem to specifically target Cyberhaven,” Blasco noted. “It’s likely a broader, opportunistic campaign aimed at collecting sensitive data from various extensions.“
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) redirected inquiries to the affected companies. Alphabet, the maker of the Chrome browser, has yet to respond to requests for comments.
