A widespread cyberattack targeted well-known Chrome extensions, exposing the personal data of thousands of users
A widespread cyberattack targeted well-known Chrome extensions, compromising at least sixteen extensions and exposing the personal data of thousands of users. The attack targeted extension publishers on the Chrome Web Store through an email phishing campaign and used their credentials to inject malicious code into legitimate extensions to steal user cookies and access tokens.
The first company to fall victim to the campaign was cybersecurity firm Cyberhaven, on December 24; the compromise allowed a malicious version of its extension to be published.
The phishing message, which purported to be from Google Chrome Web Store Developer Support, attempted to create a false sense of urgency and prompted the recipient to click a link to accept new policies. A more extensive investigation revealed further extensions suspected of having been compromised, according to the security platform Secure Annex.
The extensions are:
- AI Assistant – ChatGPT and Gemini for Chrome
- Bard AI Chat Extension
- GPT 4 Summary with OpenAI
- Search Copilot AI Assistant for Chrome
- TinaMInd AI Assistant
- Wayin AI
- VPNCity
- Internxt VPN
- Vindoz Flex Video Recorder
- VidHelper Video Downloader
- Bookmark Favicon Changer
- Castorus
- Uvoice
- Reader Mode
- Parrot Talks
- Primus
- Tackker – online keylogger tool
- AI Shop Buddy
- Sort by Oldest
- Rewards Search Automator
- ChatGPT Assistant – Smart Search
- Keyboard History Recorder
- Email Hunter
- Visual Effects for Google Meet
- Earny – Up to 20% Cash Back
This indicates that the attack was widespread and targeted legitimate browser extensions. Some of the listed extensions have since been updated or removed from the Chrome Web Store. However, the removal of an extension from the store does not mean that the exposure is over, as hackers can still access it and exploit user data.
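Because removal from the store does not touch copies that are already installed, an inventory check is the practical follow-up. The script below is an added example, not part of the original article: it assumes Chrome's on-disk layout of `<profile>/Extensions/<id>/<version>/manifest.json` and matches on the names listed above, since the article gives no extension IDs, so a hit is a lead for review rather than proof of compromise.

```python
import json
import sys
from pathlib import Path

# Names copied from the list above; a name match is a triage lead, not a verdict.
SUSPECT_NAMES = """AI Assistant – ChatGPT and Gemini for Chrome|Bard AI Chat Extension|
GPT 4 Summary with OpenAI|Search Copilot AI Assistant for Chrome|TinaMInd AI Assistant|
Wayin AI|VPNCity|Internxt VPN|Vindoz Flex Video Recorder|VidHelper Video Downloader|
Bookmark Favicon Changer|Castorus|Uvoice|Reader Mode|Parrot Talks|Primus|
Tackker – online keylogger tool|AI Shop Buddy|Sort by Oldest|Rewards Search Automator|
ChatGPT Assistant – Smart Search|Keyboard History Recorder|Email Hunter|
Visual Effects for Google Meet|Earny – Up to 20% Cash Back"""

def norm(name):
    """Fold case, whitespace and en-dashes so cosmetic differences still match."""
    return " ".join(name.replace("–", "-").casefold().split())

SUSPECTS = {norm(n) for n in SUSPECT_NAMES.split("|") if n.strip()}

def display_name(version_dir):
    """Return (name, version), resolving a __MSG_key__ placeholder via _locales."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].casefold()  # message keys are case-insensitive
        locale = manifest.get("default_locale", "en")
        path = version_dir / "_locales" / locale / "messages.json"
        msgs = json.loads(path.read_text(encoding="utf-8-sig"))
        entry = next((v for k, v in msgs.items() if k.casefold() == key), {})
        name = entry.get("message", name)
    return name, str(manifest.get("version", "?"))

def find_suspects(extensions_dir):
    """Scan an Extensions directory; return (extension_id, version, name) hits."""
    hits = []
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            name, version = display_name(manifest.parent)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest / locale file
        if norm(name) in SUSPECTS:
            hits.append((manifest.parent.parent.name, version, name))
    return hits

if __name__ == "__main__":
    for hit in find_suspects(sys.argv[1]):
        print(*hit, sep="\t")
```

Run it with the path to a profile's `Extensions` directory as the only argument, once per browser profile on the machine.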