Hackers compromised Cyberhaven’s Chrome extension in a suspected supply-chain attack, publishing a malicious update capable of stealing customer passwords and session tokens. The attack raised serious concerns about the security of widely-used browser extensions. Cyberhaven, a data-loss prevention startup, confirmed the incident but withheld specific technical details about the breach.
According to an email sent to affected customers and later shared by security researcher Matt Johansen, the attack occurred during the early hours of December 25. Hackers reportedly gained access to a company account and used it to push a malicious update (version 24.10.4) to unsuspecting users. This update potentially allowed attackers to exfiltrate sensitive information, such as authenticated session tokens, cookies, and customer credentials.
The breach was detected later that day by Cyberhaven’s internal security team, who immediately removed the compromised extension from the Chrome Web Store. A secure version (24.10.5) was released shortly afterward to mitigate the impact and restore user confidence. However, the rapid timeline of the attack highlights the challenges companies face in responding to supply-chain breaches.
Impact on Corporate Users
Cyberhaven’s products are widely used by over 400,000 corporate customers to monitor for data exfiltration and cyber threats. Affected organizations include a mix of prominent enterprises and technology leaders, such as:
- Snowflake: Cloud data platform provider Content was cut in order to protect the source.Please visit the source for the rest of the article.