As many of us celebrated the year-end holidays, a small group of researchers worked overtime tracking a startling discovery: At least 33 browser extensions hosted in Google’s Chrome Web Store, some for as long as 18 months, were surreptitiously siphoning sensitive data from roughly 2.6 million devices.
The compromises came to light with the discovery by data loss prevention service Cyberhaven that a Chrome extension used by 400,000 of its customers had been updated with code that stole their sensitive data.
‘Twas the night before Christmas
The malicious extension, available as version 24.10.4, was available for 31 hours, starting on December 25 at 1:32 AM UTC to Dec 26 at 2:50 AM UTC. Chrome browsers actively running the Cyberhaven during that window would automatically download and install the malicious code. Cyberhaven responded by issuing version 24.10.5, and a few days later 24.10.6.
