Hacked Chrome extensions put 2.6 million users at risk of data leak

Your web browser is an ecosystem of its own. It stores your passwords, search history, financial details like credit card numbers, addresses and more. Just like how malicious apps and services can compromise data on your phone or PC, malicious extensions can expose the data stored in your browser. 

There are a ton of extensions out there that do more harm than good. In fact, security researchers have just found a dangerous new campaign that is going after browser extensions. So far, around 36 extensions have been compromised, putting over 2.6 million Chrome users at risk of having their browsing data and account credentials exposed.

One common attack involves phishing campaigns targeting the publishers of legitimate extensions on platforms like the Chrome Web Store. In these campaigns, attackers trick developers into granting permissions to malicious applications, which then insert harmful code into popular extensions. This code can steal cookies, access tokens and other user data.

The first company to shed light on the campaign was cybersecurity firm Cyberhaven, one of whose employees were targeted by a phishing attack on December 24, allowing the threat actors to publish a malicious version of the extension.

Once these malicious extensions are published and pass the Chrome Web Store's security review, they are made available to millions of users, putting them at risk of data theft. Attackers can use these extensions to exfiltrate browsing data, monitor user activity and even bypass security measures such as two-factor authentication.

In some cases, developers themselves may unknowingly include data-gathering code as part of a monetization software development kit, which stealthily exfiltrates detailed browsing data. This makes it difficult to determine whether a compromise is the result of a hacking campaign or an intentional inclusion by the developer.

If you have installed one of the above-mentioned extensions on your browser, remove it as soon as possible. To remove an extension from Google Chrome, follow these steps:

3) Limit extension permissions: Be cautious about the permissions you grant to browser extensions. Many require access to sensitive data like browsing history, cookies or account information, but not all requests are necessary. Review what each extension asks for and deny permissions that seem excessive. If possible, opt for extensions with limited access to ensure your data remains protected.

4) Limit the number of extensions: Only install extensions that are genuinely needed and regularly review and uninstall those no longer in use.

6) Regularly audit your extensions: Conduct periodic reviews of installed extensions and remove any that are unnecessary or pose potential security risks.

7) Report suspicious extensions: If you encounter a suspicious extension, report it to the official browser extension marketplace.

Hackers are getting smarter, and browser extensions have become a new favorite target for stealing sensitive data. The discovery of over 35 compromised Chrome extensions, putting 2.6 million users at risk, is a wake-up call for everyone. Removing suspicious extensions is an essential step to protect your data. This also puts Google's Chrome Web Store review process under scrutiny, proving that even trusted platforms can be exploited. 

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.