Hackers have compromised several different companies’ Chrome browser extensions in a series of intrusions dating back to mid-December, according to one of the victims and experts who have examined the campaign.
Among the victims was the California-based Cyberhaven, a data protection company that confirmed the breach in a statement to Reuters on Friday.
“Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, affecting our Chrome extension,” the statement said. It cited public comments from cybersecurity experts. These comments, said Cyberhaven, suggested that the attack was “part of a wider campaign to target Chrome extension developers across a wide range of companies.”
Cyberhaven added: “We are actively cooperating with federal law enforcement.”
The geographical extent of the hacks was not immediately clear.
Browser extensions are typically used by internet users to customize their Web-browsing experiences, for example by automatically applying coupons to shopping websites. In Cyberhaven’s case, the Chrome extension was used to help the company monitor and secure client data flowing across Web-based applications.
Jaime Blasco, cofounder of Austin, Texas-based Nudge Security, said he had spotted several other Chrome extensions that had been subverted in the same way as Cyberhaven’s. At least one appeared to have been hit in mid-December.
Blasco said the other affected extensions included ones related to artificial intelligence and virtual private networks. He said that suggested an opportunistic effort to vacuum up sensitive data using as many compromised extensions as possible.
“I’m almost certain this is not targeted to Cyberhaven,” Blasco said. “If I had to guess, this was just random.”
The U.S. cyber watchdog CISA referred questions to the companies involved. A message seeking comment from Alphabet which makes the Chrome browser, was not immediately returned. Reuters