Chrome extension vulnerabilities leave millions at risk of 2FA bypass attacks, with hackers targeting multiple companies.

New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven.

Multiple Chrome browser extensions have been hijacked by hackers in recent months to steal data from their users.

Other extensions possibly affected include Internxt VPN, VPNCity, Uvoice, and ParrotTalks, as Bleeping Computer writes. Cyberhaven says hackers pushed an update (version 24.10.4) of its Cyberhaven data loss prevention extension containing the malicious code on Christmas Eve at 8:32PM ET.

A hacker phished a Cyberhaven employee to upload a malicious version of the company's Chrome extension, but it may not be the only victim.

An attack aimed at bypassing two-factor authentication cookies for Google Chrome users has been confirmed—here’s what you need to know.

A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft.

The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago.

Cyberattack hits Cyberhaven extension, risking credentials; affected firms advised to review logs and update passwords.

A significant breach of popular Google Chrome extensions, including Cyberhaven, has exposed sensitive user data. Learn how the attack unfolded and how to secure your browser.

Cyberhaven has confirmed its Google Chrome extension was the subject of a Christmas Eve cyberattack, exposing sensitive customer data like passwords and session tokens. In a statement, the data loss prevention company noted the attack showed signs of being part of a “wider campaign” to target other companies,