<ul><li>Cyberhaven, a data loss prevention company, confirmed that its Google Chrome extension was targeted in a Christmas Eve cyberattack.</li><li>The attack, part of a wider campaign targeting other companies, occurred after an employee fell for a phishing email, allowing the threat actor to gain access to Cyberhaven's systems.</li><li>The attacker posted a malicious version of Cyberhaven's Chrome extension on the marketplace, affecting version 24.10.4 on Chrome-based browsers that auto-updated.</li><li>While no other Cyberhaven systems were compromised, users' sensitive information like cookies and authenticated sessions for certain websites could have been exfiltrated. Users are advised to update their extensions and change their passwords.</li></ul>

Google Chrome extensions targeted by hackers to steal user passwords

Discover more