Image Not FoundImage Not Found

  • Home
  • Computing
  • Chrome Extension Hack Compromises Social Media and AI Platforms: What Users Need to Know
Chrome Extension Hack Compromises Social Media and AI Platforms: What Users Need to Know

Chrome Extension Hack Compromises Social Media and AI Platforms: What Users Need to Know

Chrome Extensions Hit by Cyberattack Targeting Social Media and AI Platforms

A sophisticated cyberattack has been uncovered, affecting multiple Chrome browser extensions since mid-December. The attack, which inserted malicious code into various extensions, targeted browser cookies and authentication sessions on social media advertising and AI platforms.

Cyberhaven, a cybersecurity firm, was among the companies targeted in this attack. The breach was initiated through a phishing email, with the malicious code designed to compromise Facebook Ads accounts.

Security researcher Jaime Blasco suggests that the attack may have been random, affecting a range of extensions beyond those initially identified. VPN and AI-related extensions were also found to contain malicious code. Potentially affected extensions include Internxt VPN, VPNCity, Uvoice, and ParrotTalks.

Cyberhaven reported that a malicious update (version 24.10.4) was pushed to their extension on Christmas Eve. The company’s security team discovered and removed the code within hours on December 25th, promptly releasing a clean version in update 24.10.5.

In response to the attack, affected companies are advised to check their logs for suspicious activity and revoke or rotate passwords not using FIDO2 multifactor authentication. Cyberhaven has notified its customers via email before making public posts about the incident.

The company’s security team remains available 24/7 to assist affected customers and continues to provide updates through blog posts and social media channels.

As this situation develops, users of Chrome extensions are urged to remain vigilant and ensure their software is up to date with the latest security patches.