Important Security Notice: Chrome Extensions Hacked – Immediate Action Recommended on Personal Devices

 
 

We are writing to inform you about a recent security incident that may impact your data security if you use some Chrome extensions.

A significant security breach has compromised 35 popular Google Chrome extensions, potentially exposing sensitive data of 2.6 million users. The attackers ran a phishing campaign against the software publishers of browser extensions on the Chrome Web Store, then used the publishers' access permissions to inject malicious code into legitimate extensions. Approximately 50% of the extensions were AI-related tools.

This malicious code facilitated the theft of cookies, user session tokens, and potentially sensitive user data, such as identity information. A stolen session token lets the attacker access the service for a limited amount of time while bypassing the authentication or multi-factor authentication step.

To protect your personal devices, we recommend the following steps:

  • Review and Update Extensions: Check your Chrome extensions and immediately update or remove any of the affected ones. The compromised extensions include popular tools such as AI Assistant for Chrome, Bard AI Chat Extension, and VPNCity.

    • See additional browser extensions currently suspected of having been compromised: https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html

    • Manage Chrome Extensions:

      • On your computer, open Chrome.

      • At the top right, select the three vertical dots > Extensions > Manage extensions.

      • You will then see a list of any installed extensions that could potentially pose a security risk. If you don’t see a warning panel, Google’s security team does not currently think your extensions are compromised, although this is not a 100% guarantee.

  • Monitor for Suspicious Activity: Keep an eye on your accounts for any unusual activity and report it immediately.
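
To go with the "Review and Update Extensions" step above, this added example (not part of the original notice) inventories the extensions installed in a Chrome profile from disk and flags names the notice mentions as well as broad cookie or site access. Assumptions: Chrome's desktop layout `<profile>/Extensions/<id>/<version>/manifest.json`, the `SENSITIVE` grant list, and matching by display name because the notice gives no extension IDs; the sample data is constructed.

```python
import json
import sys
import tempfile
from pathlib import Path

# Names from the notice; it lists no extension IDs, so matching is by display name.
WATCHLIST = {"ai assistant for chrome", "bard ai chat extension", "vpncity"}
SENSITIVE = {"cookies", "<all_urls>"}  # assumption: grants worth surfacing in a review

def load_json(path):  # parsed JSON object, or {} if missing, malformed or not an object
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8-sig"))
        return data if isinstance(data, dict) else {}
    except (OSError, ValueError):
        return {}

def display_name(version_dir, manifest):
    """Resolve localized names of the form __MSG_key__ via _locales/<default_locale>."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = str(manifest.get("default_locale", "en"))
        messages = load_json(version_dir / "_locales" / locale / "messages.json")
        for key, entry in messages.items():
            if key.lower() == name[6:-2].lower() and isinstance(entry, dict):
                return str(entry.get("message", name))
    return name

def inventory(extensions_dir):
    """Yield one record per <id>/<version>/manifest.json under a profile's Extensions dir."""
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = load_json(path)
        grants = list(manifest.get("permissions") or []) + list(manifest.get("host_permissions") or [])
        name = display_name(path.parent, manifest)
        yield {"id": path.parent.parent.name, "name": name, "version": manifest.get("version", "?"),
               "on_watchlist": name.strip().lower() in WATCHLIST,
               "sensitive": sorted(SENSITIVE.intersection(g for g in grants if isinstance(g, str)))}

def write_sample(root):
    """Constructed sample: two fake extensions with made-up IDs and versions."""
    sample = {"a" * 32: {"name": "VPNCity", "version": "2.0.1", "permissions": ["cookies"]},
              "b" * 32: {"name": "Tab Sorter", "version": "1.4", "host_permissions": ["<all_urls>"]}}
    for ext_id, manifest in sample.items():
        version_dir = Path(root) / ext_id / (manifest["version"] + "_0")
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else write_sample(tempfile.mkdtemp())
    print(*inventory(root), sep="\n")
```

Pass your profile's Extensions directory as the argument, for example `~/.config/google-chrome/Default/Extensions` on Linux. A name match only marks an extension for a closer look against the published list.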

Most of our managed clients use Seraphic Security Enterprise web browser security to provide an additional layer of protection against this type of threat on firm-owned devices. It encrypts all session tokens so that they cannot be used if they are stolen, and therefore protects against this type of attack.

If your firm is not using Seraphic, your HalcyonFT team will be reaching out to you with the strong recommendation that we implement it in your organization.

For more information on the breach and additional security measures, you can refer to the following sources:

Forbes: https://www.forbes.com/sites/daveywinder/2024/12/29/google-chrome-2fa-bypass-attack-confirmed-what-you-need-to-know/

Reuters: https://www.reuters.com/technology/cybersecurity/data-loss-prevention-company-cyberhaven-hit-by-breach-statement-says-2024-12-27/

Seraphic: https://seraphicsecurity.com/resources/blog/lessons-learned-from-the-cyberhaven-cyber-incident/

 

If you have any questions or need further assistance, please do not hesitate to contact our support team.

 

Best regards,

— Your HalcyonFT Team

 
 

 
 
 
 
