Data loss prevention startup Cyberhaven revealed that hackers had slipped a malicious update into its Chrome extension aimed at stealing customers' passwords and session tokens. In an email sent to affected customers, the company said the alleged supply chain attack may have led to the exposure of sensitive information. The attack, which Cyberhaven confirmed on Friday, was carried out by compromising a company account to publish a malicious extension update early on December 25. Affected users' authenticated sessions, cookies, and other data were sent to domains controlled by the attacker. Cyberhaven declined to comment on the specifics of the incident but did not dispute the authenticity of the email.
Cyberhaven said its security team detected the issue that same day and that the compromised extension (version 24.10.4) was removed from the Chrome Web Store. The company urged affected customers to revoke and update all credentials, including passwords and API tokens, and to carefully review logs for signs of malicious activity.
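As a starting point for the review the company asks for, the following added example (not from the article or from Cyberhaven) lists which Chrome profiles on a machine hold an on-disk copy of extension version 24.10.4. It assumes Chrome's usual layout of `<User Data>/<profile>/Extensions/<id>/<version>_<n>/manifest.json`; the extension ID is a placeholder because the article does not give one, and the sample tree is constructed.

```python
import json
import tempfile
from pathlib import Path

BAD_VERSION = "24.10.4"   # compromised version named in the article
EXTENSION_ID = "a" * 32   # PLACEHOLDER: the article gives no extension ID

def find_installed(user_data_dir, extension_id=EXTENSION_ID):
    """Yield (profile, version, manifest_path) for each on-disk copy of the extension."""
    root = Path(user_data_dir)
    pattern = f"*/Extensions/{extension_id}/*/manifest.json"
    for manifest in sorted(root.glob(pattern)):
        try:
            version = json.loads(manifest.read_text(encoding="utf-8"))["version"]
        except (OSError, ValueError, KeyError, TypeError):
            # Unreadable manifest: fall back to the directory name, e.g. "24.10.4_0"
            version = manifest.parent.name.split("_")[0]
        profile = manifest.relative_to(root).parts[0]
        yield profile, str(version), manifest

def affected_profiles(user_data_dir, extension_id=EXTENSION_ID, bad_version=BAD_VERSION):
    """Return the sorted profile names that hold the compromised version."""
    hits = find_installed(user_data_dir, extension_id)
    return sorted({profile for profile, version, _ in hits if version == bad_version})

def build_sample(root):
    """Create a constructed User Data tree for demonstration (not real data)."""
    other_id = "b" * 32  # constructed ID of an unrelated extension
    cases = [
        ("Default", EXTENSION_ID, "24.10.4_0", '{"version": "24.10.4"}'),
        ("Profile 1", EXTENSION_ID, "24.10.5_0", '{"version": "24.10.5"}'),  # constructed
        ("Profile 2", EXTENSION_ID, "24.10.4_0", "{truncated"),  # corrupt manifest
        ("Profile 3", other_id, "24.10.4_0", '{"version": "24.10.4"}'),  # other extension
    ]
    for profile, ext_id, version_dir, body in cases:
        target = Path(root) / profile / "Extensions" / ext_id / version_dir
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample(sample_root)
        for name in affected_profiles(sample_root):
            print(f"profile {name!r} has version {BAD_VERSION} on disk: rotate its credentials")
```

Chrome can delete an older version directory after the extension updates, so an empty result does not show that a profile never ran the compromised version.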
Stolen session tokens and cookies could allow hackers to circumvent security measures such as passwords and two-factor authentication and gain unauthorized access to user accounts. However, Cyberhaven's email did not specify whether customers needed to change the credentials of other accounts stored in the Chrome browser.
The compromised account used to publish the malicious update has been identified as "Cyberhaven's single management account in the Google Chrome Store". The company did not clarify how the account was compromised or what security policies were in place at the time, but said it is beginning a full review of its practices and strengthening its safeguards. Cyberhaven has engaged incident response firm Mandiant to assist with the investigation and is working with federal law enforcement.
Jaime Blasco, CTO and co-founder of Nudge Security, noted on social media that the attack also targeted several other Chrome extensions, some with tens of thousands of users. This widespread campaign highlights the growing risk of supply chain attacks across the browser ecosystem.