Google Chrome Extensions Hacked: Here is What Happened and How to Protect Yourself

Google Chrome Extensions Hacked: In the last days of 2024, hackers launched a series of cyber attacks, surprisingly targeting Google Chrome browser extensions. Experts believe that the attackers compromised at least 16 extensions, exposing the data of over 500,000 users.

Hackers used phishing campaigns (fake messages or emails) to trick Chrome extension publishers. By adding harmful code, they gained control of the extensions, allowing the malware to steal users’ data, cookies, and tokens.

Cyberhaven the First Known Victim to Attack

Cyberhaven, a cybersecurity company that helps businesses protect their sensitive information, was the first known victim of the December 24 attack.

Reportedly on December 24, a hacker tricked a Cyberhaven employee, broke into the Chrome extension, and uploaded malicious code.

Cyberhaven disclosed this on December 27, reporting that they had removed the malicious package from the Chrome Web Store after discovering the breach.

Chrome Extension Hack: What Really Happened?

The attackers mainly targeted Facebook users. Once someone logged into Facebook and visited the site, the malicious code went to work.

What They Stole: The extension collected highly sensitive information, including:

• Facebook access tokens (used to stay logged in)
• User IDs and other account details
• Business and ad account data from Facebook
• Cookies and the user agent string (information about your browser and device)

The hacker packaged all this information and sent it directly to their server. They stored the stolen Facebook user ID in the browser to bypass two-factor authentication (2FA) and gain access to accounts.

According to a browser extension security platform, the following extensions have been compromised:

• AI Tools: ChatGPT, Gemini, TinaMind AI Assistant, Search Copilot AI Assistant for Chrome, Bard AI Chat Extension
• VPN: Internxt VPN, VPNCity
• Video & Bookmark Tools: VidHelper Video Downloader, Vindoz Flex Video Recorder, Bookmark Favicon Changer
• Communication Tools: Visual Effects for Google Meet, Email Hunter
• Productivity Tools: Castorus, Uvoice, Reader Mode, Parrot Talks, Primus, AI Shop Buddy
• Security Threats: Tackker, Keyboard History Recorder
• Search and Shopping Tools: Rewards Search Automator, Sort by Oldest

This demonstrates that attackers are methodically targeting popular extensions to exploit their user base.

How to Protect Yourself with Malicious Chrome Extensions

Regularly reviewing extensions, implementing stricter vetting processes in app stores, and raising awareness could have prevented this attack.

Many organizations and individuals are unaware of the extensions installed on their systems.

This incident serves as a wake-up call—a time to take browser extension security seriously.

Here’s what you can do:

• Carefully review permissions and extension requests before installation.
• Regularly audit your extensions and remove the ones you no longer use.
• Stay proactive and think twice before granting access to any data.
• Always update your browser and extensions; updates often fix security loopholes hackers love to exploit.
• Install reliable security software to detect and block malicious activity before it’s too late.

Conclusion

Security researchers are still identifying more exposed extensions. Despite all precautions and safety measures, it’s often our small mistakes that open the door for hackers.

Let’s make security a habit, not a thought!

Stay tuned to Cyber News Live for more stories about the people shaping the future of cyber security.

This article was authored by Subashini Abishek. If you’d like to be a freelance journalist, writer, or weekend warrior with Cyber News Live, please email us at contact@cybernewslive.com. Thank you!