16 Chrome Extensions Hacked: Sensitive Data of Over 600,000 Users Exposed

In a recent cyberattack, threat actors compromised at least 16 Chrome browser extensions, potentially exposing over 600,000 users to data theft and credential hijacking.

The attackers employed phishing campaigns targeting extension publishers, gaining unauthorized access to inject malicious code into legitimate extensions. This code was designed to steal cookies and user access tokens, facilitating unauthorized entry into users’ online accounts.

Cyberhaven, a cybersecurity firm, was among the first to detect the breach. On December 24, 2024, a Cyberhaven employee fell victim to a phishing email masquerading as a communication from Google Chrome Web Store Developer Support. The deceptive email warned of an alleged policy violation, urging immediate action to prevent extension removal.

Following the link in the email led the employee to grant permissions to a malicious OAuth application named “Privacy Policy Extension,” which enabled the attackers to upload a compromised version of Cyberhaven’s extension.

The malicious extension was active for approximately 25 hours before Cyberhaven detected and removed it, releasing a clean update to mitigate the threat.

Users who installed the compromised version are advised to check their logs for suspicious activity and update their passwords, especially for accounts not utilizing FIDO2 multifactor authentication.

Further investigations revealed that other extensions, including AI assistants and VPN services, were similarly compromised. Notable examples include “AI Assistant – ChatGPT and Gemini for Chrome,” “VPNCity,” and “Internxt VPN.”

The widespread nature of this attack underscores the vulnerabilities inherent in browser extensions, which often have extensive permissions to access sensitive user information.

Or Eshed, CEO of LayerX Security, emphasized the risks associated with browser extensions, stating, “Although we tend to think of browser extensions as harmless, in practice, they are frequently granted extensive permissions to sensitive user information such as cookies, access tokens, identity information, and more.”

Users are advised to exercise caution when installing browser extensions, regularly review the permissions granted to installed extensions, and stay informed about any updates or security advisories related to the extensions they use.
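One way to carry out the permission review described above, as an added example that is not part of the original article: a Python script that reads Chrome extension manifests and flags those combining the `cookies` API with all-site host access. The sample manifests are constructed, and `scan_profile` assumes the `Extensions/<id>/<version>/manifest.json` layout of a Chrome profile folder.

```python
import json
from pathlib import Path

# Chrome API permissions that expose session material or page content.
SENSITIVE_APIS = {"cookies", "webRequest", "scripting", "tabs", "identity", "debugger"}
# Match patterns that cover every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Optional permissions are included: the extension can request them at runtime.
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")

def audit_manifest(manifest: dict) -> dict:
    """Summarise what an extension manifest (MV2 or MV3) allows the extension to touch."""
    declared = {p for key in PERMISSION_KEYS
                for p in manifest.get(key, []) if isinstance(p, str)}
    # Content scripts reach pages through their own match patterns.
    injected = {m for cs in manifest.get("content_scripts", [])
                for m in cs.get("matches", [])}
    apis = sorted(declared & SENSITIVE_APIS)
    broad = sorted(declared & BROAD_HOSTS)
    return {
        "name": manifest.get("name", "?"),
        "version": manifest.get("version", "?"),
        "sensitive_apis": apis,
        "broad_hosts": broad,
        "content_script_on_all_sites": bool(injected & BROAD_HOSTS),
        # cookies API plus all-site host access: session cookies of any site are readable.
        "cookies_on_all_sites": "cookies" in apis and bool(broad),
    }

def scan_profile(extensions_dir: str) -> list:
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder."""
    reports = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        report = audit_manifest(json.loads(path.read_text(encoding="utf-8")))
        report["id"] = path.parts[-3]  # folder name is the extension ID
        reports.append(report)
    return reports

# Constructed sample manifests (not taken from any real extension).
SAMPLES = [
    {"name": "Sample data helper", "version": "1.0.0", "manifest_version": 3,
     "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]},
    {"name": "Sample colour picker", "version": "2.1", "manifest_version": 3,
     "permissions": ["activeTab", "storage"]},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_manifest(sample))
```

Recording the reported version for each extension ID on every run also makes an unexpected update stand out.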

Maintaining robust security practices, such as enabling multifactor authentication and being vigilant against phishing attempts, remains crucial in safeguarding personal and organizational data.

Anil Sharma
