Gadget Insiders
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox
No Result
View All Result
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox
No Result
View All Result
Gadget Insiders
No Result
View All Result
Home Google

How Sneaky Chrome Extensions Can Steal Your Info Without You Knowing

Prashant Chaudhary by Prashant Chaudhary
January 7, 2025
in Google, News
Reading Time: 2 mins read
0
Watch Out How Sneaky Chrome Extensions Can Steal Your Info Without You Knowing

Over the festive season, while many unwrapped gifts and celebrated, a dedicated team of researchers at Cyberhaven worked tirelessly to trace a significant breach affecting the Chrome Web Store. This breach involved not one, but 33 Chrome extensions that had been compromised to siphon off sensitive data from approximately 2.6 million devices, some breaches dating back 18 months.

The eye-opening findings began with a shocking update to the Cyberhaven extension. Originally designed to protect users from accidentally leaking sensitive data, the extension was ironically turned against its users. The modified version 24.10.4 of the Cyberhaven extension, active briefly from December 25 to December 26, 2024, was found to be extracting user data and sending it to a malicious server.

Watch Out How Sneaky Chrome Extensions Can Steal Your Info Without You Knowing-
Uncovering hidden threats in Chrome

Spear Phishing: The Hacker’s Bait

The method of infiltration was spear phishing, a targeted email scam. On Christmas Eve, developers received an email warning that their extension did not comply with Google’s terms and needed urgent updating. This email included a link that led to a Google consent screen for an OAuth application named “Privacy Policy Extension,” a deceptive move that tricked a developer into granting harmful permissions.

This incident highlights a broader issue uncovered by John Tuckner, founder of Secure Annex. Tuckner pointed out that as of his last update, 19 other extensions had fallen victim to similar schemes. “For many I talk to, managing browser extensions can be a lower priority item in their security program,” Tuckner explained. This oversight can lead to significant security breaches, as demonstrated by these events.

Watch Out How Sneaky Chrome Extensions Can Steal Your Info Without You Knowing--
Cyberhaven exposes malicious extension dangers

A Closer Look at the Compromised Extensions

Further investigations revealed that these were not isolated incidents. Some extensions had been compromised for longer periods, with various payloads targeting different data points, from browser cookies to authentication credentials for sites like Facebook and ChatGPT. For example, the extension “Reader Mode” was involved in a separate but concurrent campaign that had been ongoing since April 2023, exploiting a monetization code library that collected data from users’ web visits.
The situation calls for a reevaluation of how organizations and individuals manage browser extensions, a sentiment echoed by many in the cybersecurity community. Implementing stricter controls, like browser asset management lists that specify which extensions can run, could mitigate such risks.

Watch Out How Sneaky Chrome Extensions Can Steal Your Info Without You Knowing---
Spear phishing targets Chrome developers

Mitigating the Damage

For those affected, the ramifications could be extensive. Changing passwords and closely monitoring account activity is advisable. Cybersecurity posts and resources are available to help identify and address potential compromises, but the real solution lies in preventative measures and increased vigilance.

Watch Out How Sneaky Chrome Extensions Can Steal Your Info Without You Knowing----
Reader Mode extension compromised again

This incident serves as a stark reminder of the vulnerabilities inherent in commonly used digital tools and the importance of maintaining rigorous cybersecurity practices. As browser extensions continue to offer functionality and convenience, they also pose potential risks that must not be overlooked. For the everyday user and organizations alike, the balance between convenience and security has never been more critical.

The digital world waits for no one, and as we continue to integrate these technologies into our lives, we must also arm ourselves with the knowledge and tools to protect our digital footprints against the ever-evolving landscape of cyber threats.

Tags: Browser SecurityChrome extensionscredential theftCybersecurityData BreachGoogle ChromeSpear Phishing

TRENDING

GitHub Launches New AI Agent to Fix Bugs, Add Features, and Revolutionize Coding for Developers---

GitHub Launches New AI Agent to Fix Bugs, Add Features, and Revolutionize Coding for Developers

May 23, 2025
Apple Delays Major AirPods Updates Until 2026, No New AirPods Pro in 2025

Apple Delays Major AirPods Updates Until 2026, No New AirPods Pro in 2025

May 23, 2025
Apple to Let EU Users Switch from Siri to Google Assistant or AlexaApple to Let EU Users Switch from Siri to Google Assistant or Alexa

Apple to Let EU Users Switch from Siri to Google Assistant or Alexa

May 23, 2025
Take-Two CEO Confirms Short Delay for GTA 6, No Further Postponements Expected

Take-Two CEO Confirms Short Delay for GTA 6, No Further Postponements Expected

May 23, 2025
Bluesky Tests New 'Live' Feature to Link Sports and Livestreams Directly from Profiles

Bluesky Tests New ‘Live’ Feature to Link Sports and Livestreams Directly from Profiles

May 23, 2025
iPhone 17 Air Leaked Battery and Weight Details Spark Excitement Ahead of Launch

iPhone 17 Air – Leaked Battery and Weight Details Spark Excitement Ahead of Launch

May 23, 2025
Qualcomm Snapdragon 8 Elite 2: What to Expect from the 2025 Flagship SoC

Qualcomm Snapdragon 8 Elite 2 – What to Expect from the 2025 Flagship SoC

May 23, 2025
Epic Games Takes Apple to Court to Bring Fortnite Back to iOS Store

Epic Games Takes Apple to Court to Bring Fortnite Back to iOS Store

May 23, 2025
  • Contact Us
  • Terms
  • Privacy
  • Copyright
  • About Us
  • Fact Checking Policy
  • Corrections Policy
  • Ethics Policy

Copyright © 2023 GadgetInsiders.com

No Result
View All Result
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox

Copyright © 2023 GadgetInsiders.com.