Cyberhaven, a data-loss prevention startup, has confirmed a security breach involving its Google Chrome browser extension. Hackers managed to release a malicious update capable of stealing user passwords and session tokens.
What Happened: The breach was confirmed by Cyberhaven on Friday, although specifics were not disclosed. The email, shared by security researcher Matt Johansen, revealed that a company account was compromised to release the malicious update on Dec. 25.
This update allowed sensitive data to be extracted to the attacker’s domain.
The company stated that its security team identified the breach on December 25 and removed the malicious extension from the Chrome Web Store, replacing it with a legitimate version, according to a report by Vulnerable U.
See Also: Nvidia CES 2025 Keynote: How To Watch Jensen Huang Unveil The RTX 5000 Series GPUs
Cyberhaven’s email advised affected users to revoke and rotate passwords and review logs for suspicious activity.
The company has engaged an incident response firm and is cooperating with federal law enforcement.
Subscribe to the Benzinga Tech Trends newsletter to get all the latest tech developments delivered to your inbox.
Why It Matters: This breach highlights ongoing security challenges related to browser extensions.
Earlier this year, Google faced scrutiny over its Chrome browser’s privacy practices, particularly in “incognito” mode, where data collection was found to occur without user consent. This incident underscores the importance of robust security measures in browser extensions.
Amid these security concerns, Google has recently integrated AI in its Threat Intelligence tool to enhance its cybersecurity posture. This tool aims to rapidly identify vulnerabilities, which could be crucial in preventing similar breaches.
The search giant also filed an appeal against the Epic Games ruling, citing a higher risk of new security issues.
Check out more of Benzinga's Consumer Tech coverage by following this link.
Read Next:
Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
Photo courtesy: Unsplash
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
