Hackers Target Google Chrome Extensions: What Happened and How to Stay Safe
Several Google Chrome browser extensions were compromised in what appears to be a large-scale phishing attack, resulting in the exposure of user data. This breach could allow hackers to steal user credentials and potentially bypass two-factor authentication (2FA).
Cyberhaven, a cybersecurity company, was the first to report that its extension was impacted by the attack on December 24. The malicious application, “Privacy Policy Extension,” gained the necessary permissions and uploaded a harmful Chrome extension to the Chrome Web Store. Despite undergoing the usual review process, the malicious extension was approved and published.
The cyber attack targeted extension publishers, with a phishing campaign tricking developers into granting access to the hackers. The phishing email claimed that the developer’s extension violated Google’s Developer Program Policies and contained a link that redirected the recipient to a page granting access to a harmful OAuth application.
Once hackers obtained the required permissions, they injected malicious code into legitimate extensions, allowing them to steal session cookies and user tokens. Investigations indicate that the attackers were focused on compromising logins for social media advertising and AI platforms.
At least 26 extensions, including popular tools like AI Assistant-ChatGPT and Gemini for Chrome, have been affected. While Google has yet to release a public statement on the breach, security experts advise taking steps to protect yourself.
What to Do to Secure Your Browser:
- Remove Compromised Extensions: If you’ve installed an affected extension, delete it and reinstall the latest version.
- Run Antivirus Software: Perform a full system scan to detect and eliminate any malware that could be affecting your browser.
- Enable Two-Factor Authentication (2FA): Secure your developer accounts and online services with 2FA, especially with a security key.
- Use HTTPS: Ensure you are browsing sites that use HTTPS, which provides enhanced security compared to HTTP.
- Minimize Permissions: Limit the permissions granted to extensions, reducing the impact of potential attacks.
If you use Chrome extensions, stay vigilant and regularly review your installed extensions for potential threats.
