Massive Chrome Extension Breach Exposes 600,000 Users to Data Theft
The Hacker News
Contributed by: Drex DeFord
Summary
A recent phishing attack has compromised at least 16 Chrome browser extensions, affecting over 600,000 users and exposing them to data theft risks. The campaign began with a cybersecurity firm employee falling for a phishing email that led to the release of a malicious version of the firm's extension, designed to communicate with an external server for stealing user data. The attackers exploited the trust associated with communications from the Chrome Web Store, creating a false sense of urgency that tricked extension publishers into granting permissions to a malicious application. This incident highlights the security vulnerabilities of browser extensions, which often require extensive user permissions. Further investigations indicate this attack is part of a larger scheme, with links to earlier incidents dating back to April 2023.