In late December 2024, Cyberhaven, a data security firm, experienced a cyberattack that compromised its Chrome browser extension. The breach occurred on December 24, when a phishing email targeting a Cyberhaven employee gave attackers access to the company’s Chrome Web Store account. The attackers used this access to publish a malicious update (version 24.10.4) of the extension, which remained active for approximately 24 hours before detection and removal.
The malicious code aimed to exfiltrate sensitive user data, specifically targeting Facebook Ads accounts by stealing browser cookies and authentication sessions. Cyberhaven’s swift response included notifying affected customers, releasing a clean extension update (version 24.10.5), and collaborating with federal law enforcement and third-party security firms to investigate the incident.
This attack was part of a broader campaign affecting multiple Chrome extensions across various companies, including those related to artificial intelligence and virtual private networks. Security experts suggest that the attackers sought to collect data from as many compromised extensions as possible, indicating an opportunistic approach rather than a targeted attack on Cyberhaven alone.