Chrome extensions hacked, putting over 600,000 users at risk
A targeted attack has compromised 16 extensions, allowing hackers to steal sensitive data like cookies and access tokens.
This attack started with phishing emails sent to developers. These emails, pretending to be from Chrome Web Store Developer Support, falsely warned of policy violations. They urged recipients to click a link to resolve the issue. By doing so, developers unknowingly granted permissions to a malicious OAuth app called “Privacy Policy Extension.” Hackers then uploaded infected versions of popular extensions.
A researcher revealed that the first reported attack occurred on December 24. Malicious code added to the extension connected it to a remote server. This server downloaded configurations and extracted user data. Shockingly, investigations showed the breach was part of a larger campaign. Domains linked to the attack were registered as far back as 2022. Extensions like “Reader Mode” and “Rewards Search Automator” were among those compromised, containing similar harmful code.
Reports highlighted that many organizations underestimate browser extensions’ risks. Extensions often have access to sensitive data but lack strong security. For example, compromised versions might still run on user devices even after removal from the Chrome Web Store. Hackers can continue exploiting these versions unless users manually update or uninstall them.
However, there is hope. Some compromised extensions were quickly updated or removed. Security researchers are working to identify more exposed extensions. Nevertheless, this incident emphasizes the need for better browser extension security.
Preventing Such Attacks
To prevent similar incidents, organizations should audit installed browser extensions regularly. Users must avoid granting unnecessary permissions and update extensions frequently. Training to recognize phishing emails can also stop such attacks early. Developers should enable two-factor authentication and stay alert for unusual activity. By taking these steps, the risks of browser extension breaches can be reduced significantly.
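One way to run the extension audit recommended above, as an added example that is not taken from the article or from any vendor tool. It assumes Chrome's on-disk layout of `Extensions/<extension id>/<version>/manifest.json`; the set of permissions treated as risky is a choice made for this sketch, and the extension IDs and manifests are constructed sample data.

```python
import json
import tempfile
from pathlib import Path

# Permissions that expose cookies, tokens or page content (example policy, adjust to taste).
RISKY = {"cookies", "webRequest", "scripting", "tabs"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(ext_root, flagged_ids=frozenset()):
    """Report every installed extension version with its risky permissions."""
    findings = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
            if not isinstance(data, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            findings.append({"id": ext_id, "error": "unreadable manifest"})
            continue
        # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
        perms = set()
        for key in ("permissions", "host_permissions", "optional_permissions"):
            perms.update(p for p in data.get(key, []) if isinstance(p, str))
        for cs in data.get("content_scripts", []):
            perms.update(cs.get("matches", []))
        findings.append({"id": ext_id, "name": data.get("name", "?"),
                         "version": data.get("version", "?"),
                         "risky": sorted(perms & (RISKY | BROAD_HOSTS)),
                         "flagged": ext_id in flagged_ids})  # on an advisory list
    return findings

def build_sample_profile(root):
    """Constructed sample data: two fake extensions in Chrome's directory layout."""
    samples = {
        "a" * 32: {"name": "Sample Reader", "version": "1.2.0", "manifest_version": 3,
                   "permissions": ["cookies", "storage"],
                   "host_permissions": ["<all_urls>"]},
        "b" * 32: {"name": "Sample Notes", "version": "0.9.1", "manifest_version": 3,
                   "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        d = Path(root) / ext_id / (manifest["version"] + "_0")
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        print(*audit_extensions(tmp, {"a" * 32}), sep="\n")
```

To audit a real machine, pass the `Extensions` directory of a Chrome profile as `ext_root` and the IDs from a published advisory as `flagged_ids`; a flagged entry means the extension is still present on the device regardless of its status in the Chrome Web Store.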