Chrome Extension Hacked! Company Sensitive Data Threatened To Leak

JAKARTA Hackers have hijacked a number of extensions of the company's Chrome browser in a series of cyberattacks that began in mid-December. One of the victims, Cyberhaven, a California-based data protection company, confirmed the incident in an official statement to Reuters on Friday 27 December.

"Cyberhaven can confirm that an evil cyberattack occurred on Christmas Eve, affecting our Chrome extension," the company wrote. Cyberhaven also cited comments from cybersecurity experts calling this attack part of a broader campaign to target developers of Chrome extensions in various companies.

Cyberhaven added that it is working actively with federal law enforcement to investigate the case. Until now, the geographical coverage of this attack has not been confirmed.

Browser extensions are usually used by internet users to customize the surfing experience on the web, such as applying coupons automatically on shopping sites. In the case of Cyberhaven, the Chrome extension is used to help monitor and secure client data that flows through web-based applications.

Jaime Blasco, co-founder of Austin-based Nudge Security, Texas, revealed that several other Chrome extensions were also victims of similar attacks. Some of the affected extensions of the attacks included those associated with artificial intelligence and virtual private networks (VPNs).

"This is almost certainly not a targeted attack on Cyberhaven," said Blasco. "If you have to guess, this is just a random attack."

Blasco said that the campaign appeared aimed at collecting as many sensitive data as possible through a hijacked extension.

Until this news was published, the US cyber surveillance agency, CISA, referred to related questions to the affected companies. Alphabet, Google's parent company, which developed the Chrome browser, has not yet responded to a request for comment.