The Breach: 16 Chrome Extensions Hacked
A new cybersecurity threat has emerged with the hacking of 16 Chrome extensions, leaving over 600,000 users exposed to data theft and credential compromise. This large-scale attack has highlighted vulnerabilities in browser security, with extensions being exploited as a backdoor for malicious activities.
The attack involved phishing campaigns targeting developers of legitimate Chrome extensions. Once access was gained, attackers injected malicious code, enabling them to steal cookies, user access tokens, and identity data while communicating with external command-and-control (C&C) servers.
How the Attack Worked
The attackers used phishing emails disguised as urgent notifications from the Chrome Web Store. These emails claimed policy violations and redirected developers to grant permissions to a malicious OAuth application named “Privacy Policy Extension.” With these permissions, hackers uploaded compromised versions of popular extensions, turning them into tools for data theft.
Among the affected developers, the cybersecurity firm Cyberhaven was one of the first to report being hit. Its extension was compromised, and malicious code was injected to collect user data and send it to a remote server.
The Full List of Compromised Extensions
The following Chrome extensions were found to be compromised during this attack:
- AI Assistant – ChatGPT and Gemini for Chrome
- Bard AI Chat Extension
- GPT 4 Summary with OpenAI
- Search Copilot AI Assistant for Chrome
- TinaMind AI Assistant
- Wayin AI
- VPNCity
- Internxt VPN
- Vindoz Flex Video Recorder
- VidHelper Video Downloader
- Bookmark Favicon Changer
- Castorus
- Uvoice
- Reader Mode
- Parrot Talks
- Primus
Additionally, other extensions such as Rewards Search Automator, Earny – Up to 20% Cash Back, and Sort by Oldest were found to have similar malicious code linked to the same attack campaign.
What Was Stolen?
The compromised extensions collected:
- Cookies for session hijacking.
- Access tokens for platforms like Facebook.
- Personal and browsing data, potentially used for further exploitation.
Risks to Users and Organizations
The compromised extensions created multiple risks:
- For Individuals: Theft of login credentials, exposure to phishing attacks, and compromised online accounts.
- For Organizations: Leaks of sensitive business data, exposure of advertising accounts, and potential legal ramifications for failing to secure user data.
Or Eshed, CEO of LayerX Security, emphasized that browser extensions often have excessive permissions, making them an attractive target for cybercriminals.
Response and Mitigation
Google and the affected developers removed the malicious extensions from the Chrome Web Store. However, simply removing them from the store does not protect users who still have the compromised versions installed on their browsers.
To mitigate risks:
- Check Your Extensions: Remove any from the compromised list.
- Update Regularly: Ensure all browser extensions are updated to their latest versions.
- Review Permissions: Be cautious of extensions that request extensive access to data.
- Enable Security Tools: Use browser security solutions to monitor and block suspicious activity.
- Stay Informed: Follow cybersecurity updates to identify emerging threats.
How to Stay Safe in the Future
Browser extension security requires proactive measures:
- Install Only Trusted Extensions: Verify the developer and reviews before installation.
- Limit Permissions: Grant extensions only the permissions they absolutely need.
- Conduct Regular Audits: Periodically review and remove unused extensions.
- Educate Yourself and Employees: Recognize phishing attacks and report suspicious emails.
- Enable Browser Security Features: Many browsers, including Chrome, have built-in tools to block harmful extensions.
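The "Check Your Extensions" and "Review Permissions" steps above, and the regular audit recommended here, can be scripted against a Chrome profile directory. The following is an added example written for this page, not code from the article or from Cyberhaven; it assumes Chrome's standard profile layout (Extensions/<id>/<version>/manifest.json), matches manifest names against the list in this article, and uses an assumed set of permissions as the threshold for "extensive access".

```python
# Added example (not the article's or Cyberhaven's code): audit a Chrome profile's
# extensions against the compromised list above and flag broad permissions.
import json
import re
import tempfile
from pathlib import Path

def norm(name: str) -> str:
    """Normalise case, whitespace and dash variants so store names match manifests."""
    return re.sub(r"[\s\-\u2013]+", " ", name).strip().lower()

# Names from the article's list; a manifest name matches after normalisation.
COMPROMISED = {norm(n) for n in [
    "AI Assistant – ChatGPT and Gemini for Chrome", "Bard AI Chat Extension",
    "GPT 4 Summary with OpenAI", "Search Copilot AI Assistant for Chrome", "TinaMind AI Assistant",
    "Wayin AI", "VPNCity", "Internxt VPN", "Vindoz Flex Video Recorder", "VidHelper Video Downloader",
    "Bookmark Favicon Changer", "Castorus", "Uvoice", "Reader Mode", "Parrot Talks", "Primus"]}
# Permissions that reach session cookies or every site (assumed review threshold).
BROAD = {"cookies", "<all_urls>", "webRequest", "webRequestBlocking", "tabs"}

def ext_name(ext_dir: Path, manifest: dict) -> str:
    """Resolve localised __MSG_key__ names from _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_"):
        loc = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        if loc.exists():
            name = json.loads(loc.read_text()).get(name[6:-2], {}).get("message", name)
    return name

def audit_profile(profile: Path) -> list[dict]:
    """One finding per Extensions/<id>/<version>/manifest.json (Chrome's profile layout)."""
    findings = []
    for manifest_path in sorted(profile.glob("Extensions/*/*/manifest.json")):
        ext_dir = manifest_path.parent
        m = json.loads(manifest_path.read_text())
        perms = set(m.get("permissions", [])) | set(m.get("host_permissions", []))
        name = ext_name(ext_dir, m)
        findings.append({"id": ext_dir.parent.name, "name": name, "version": m.get("version"),
                         "compromised": norm(name) in COMPROMISED,
                         "broad_permissions": sorted(perms & BROAD)})
    return findings

def demo() -> list[dict]:
    """Constructed sample profile: one listed extension with broad rights, one benign."""
    root = Path(tempfile.mkdtemp())
    samples = {"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/1.2.0": {"name": "VPNCity", "version": "1.2.0",
               "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]},
               "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/0.9": {"name": "Notes", "version": "0.9",
               "permissions": ["storage"]}}
    for rel, manifest in samples.items():
        (root / "Extensions" / rel).mkdir(parents=True)
        (root / "Extensions" / rel / "manifest.json").write_text(json.dumps(manifest))
    return audit_profile(root)
```

Point `audit_profile` at a real profile (for example `~/.config/google-chrome/Default` on Linux) to list every installed extension with its name match and broad permissions; a name match is a prompt to remove and investigate, not proof of the malicious version.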
Who Was Behind the Attack?
While the attackers remain unidentified, their use of advanced phishing techniques and malicious code injection suggests a highly sophisticated operation. Domains associated with the attack were registered as early as 2021, indicating that the campaign may have been in development for years.
The Larger Implications
This breach has raised serious concerns about the security of browser extensions:
- For Developers: Strengthened authentication and security protocols are critical to prevent unauthorized access.
- For Users: Increased awareness and scrutiny of extensions are essential to avoid data theft.
- For Chrome Web Store: Enhanced review processes and faster response times are needed to identify malicious activity.
Final Thoughts
The hacking of 16 Chrome extensions underscores the importance of securing browser-based tools. Users must remain vigilant, developers need to strengthen their security measures, and platforms like the Chrome Web Store must enhance their review processes to prevent similar breaches. With proactive measures, the risks posed by compromised extensions can be significantly reduced.
FAQs
- What happened to the Chrome extensions?
At least 16 Chrome extensions were hacked, exposing over 600,000 users to data theft through phishing and malicious code.
- What kind of data was stolen?
Cookies, access tokens, and identity information were stolen, with a focus on Facebook Ads accounts.
- How can I tell if I’m affected?
Check if you have any extensions from the compromised list installed. Remove them immediately if found.
- Are the extensions still live?
Some extensions have been removed or updated on the Chrome Web Store, but users must manually uninstall compromised versions from their browsers.
- How did the attackers gain access?
They used phishing emails to impersonate Chrome Web Store representatives and gained control via a malicious OAuth application.
- What are the risks of keeping compromised extensions?
Compromised extensions can continue to exfiltrate data, even if removed from the Web Store.
- What should developers do to prevent breaches?
Developers must adopt two-factor authentication, monitor for unauthorized changes, and regularly audit their codebases.
- How can I protect my browser?
Regularly update extensions, limit permissions, and use browser security solutions to detect suspicious activity.
- What is Google doing to address this?
Google has removed some affected extensions and is investigating the breach, though further actions are pending.
- How can organizations safeguard against such threats?
Organizations should audit browser extensions on their devices, deploy security tools, and train employees to recognize phishing threats.