In an alarming cybersecurity breach, hackers compromised Chrome extensions of multiple companies, including Cyberhaven, to access sensitive data. The attack, ongoing since December, highlights vulnerabilities in browser extensions.
Hackers Target Chrome Extensions in December Campaign
According to Investing.com, an expert who has studied the campaign and one of the victims reported that hackers have been compromising the Chrome browser extensions of multiple companies since the middle of December.
The data protection business Cyberhaven, located in California, was one of the victims. Cyberhaven acknowledged the hack to Reuters on Friday.
"Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, affecting our Chrome extension," according to the announcement. Public remarks made by cybersecurity professionals were referenced. An investigation by Cyberhaven revealed that these remarks hinted at an assault that was "part of a wider campaign to target Chrome extension developers across a wide range of companies."
Cyberhaven Responds to Federal Investigations
According to Cyberhaven, "We are actively cooperating with federal law enforcement."
It was unclear at the moment how widespread the hacks were.
A common use case for browser extensions is the ability to automate the application of coupons to online shopping sites, among other customization options. For Cyberhaven, the Chrome plugin meant easier data monitoring and security across all of their clients' online apps.
Experts Link Hacks to Sensitive Data Theft
One of Nudge Security's cofounders, Jaime Blasco of Austin, Texas, claimed to have uncovered multiple more Chrome extensions compromised in a similar fashion to Cyberhaven's. In the middle of December, it seemed like at least one had been struck.
According to Blasco, extensions associated with virtual private networks and artificial intelligence were among the others that were impacted. According to him, that pointed to a malicious attempt to steal sensitive information by exploiting as many vulnerable extensions as feasible.
"I'm almost certain this is not targeted to Cyberhaven," added Blasco. "If I had to guess, this was just random."
Questions were directed to the companies implicated by the U.S. cyber watchdog CISA. Alphabet, the maker of the Chrome browser, did not immediately respond to a message requesting comment.


Australia Flags Child Safety Gaps at Apple, Meta, Google Over Online Sexual Extortion
Asian Currencies Stay Rangebound as Middle East Tensions, Weak China GDP Weigh on Sentiment
ASML Raises 2026 Outlook as AI Chip Demand Lifts Q2 Earnings
Asian Stocks Slide as Oil Surge, U.S.-Iran Tensions and Fed Rate Bets Weigh on Markets
Zhipu AI Raises HK$31.37 Billion in Discounted Share Sale to Accelerate AI Growth
Apple Tests China's CXMT Memory Chips as DRAM Maker Gains Global Market Share
Bain Capital Exits Kioxia After AI-Fueled Valuation Surge
Dollar Rises as Middle East Conflict Fuels Inflation and Rate Hike Fears
TSMC Q2 Revenue Surges 36% as AI Chip Demand Powers Growth Ahead of Earnings
Japanese Yen Holds Steady as Intervention Hopes Grow Ahead of U.S. CPI Data
Asian Stocks Rise as Softer U.S. Inflation Boosts Sentiment Despite Middle East Tensions
Trump Administration Launches AI Cybersecurity Partnership to Protect Critical Infrastructure
SK Hynix’s $28 Billion U.S. Share Sale Draws Massive Demand Amid AI Chip Boom
Australian Business Conditions Hold Steady as Easing Cost Pressures Face New Oil Price Risks
Oil Prices Surge as U.S.-Iran Conflict Escalates and Strait of Hormuz Risks Grow
US Inflation Expected to Ease in June, but Fed Rate Hike Risks Persist Amid Middle East Tensions 



