{"id":374002,"date":"2024-12-31T10:17:17","date_gmt":"2024-12-31T10:17:17","guid":{"rendered":"https:\/\/www.techopedia.com\/?p=374002"},"modified":"2024-12-31T10:19:48","modified_gmt":"2024-12-31T10:19:48","slug":"chrome-browser-extensions-hacked","status":"publish","type":"post","link":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked","title":{"rendered":"25+ Chrome Browser Extensions Hacked, 2.5M Users at Risk"},"content":{"rendered":"<p>Cybercriminals have unleashed a large-scale attack on popular Chrome browser extensions, potentially compromising more than 2.5 million users\u2019 data.<\/p>\n<p>Rather than relying on the popular tactic of creating fake extensions in the Chrome Web Store, this campaign infects legitimate apps with <a href=\"https:\/\/www.techopedia.com\/definition\/4014\/malicious-code\">malicious code<\/a>.<\/p>\n<p>As of December 30, 2024, at least 26 widely used extensions have been infected, leading to stolen user data, cookies, and even reports of hijacking <a href=\"https:\/\/www.techopedia.com\/definition\/13657\/multi-factor-authentication-mfa\">multi-factor authentication<\/a> sessions.<\/p>\n<p>Techopedia explores the tactics behind this campaign, the browser extensions impacted, and essential tips to protect yourself and your data.<\/p>\n<div class=\"su-note\"  style=\"border-color:#e5e54c;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;\"><div class=\"su-note-inner su-u-clearfix su-u-trim\" style=\"background-color:#FFFF66;border-color:#ffffff;color:#333333;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;\">\n<h2><span id=\"key_takeaways\">Key Takeaways<\/span><\/h2>\n<ul>\n<li aria-level=\"1\">A large-scale cyberattack is targeting known Chrome browser extensions, leaving at least 26 extensions compromised.<\/li>\n<li aria-level=\"1\">The breach potentially exposes over 2.5 million users to data and credential theft.<\/li>\n<li aria-level=\"1\">Black hat hackers are targeting developers to load malicious code in legitimate extensions by impersonating Google Chrome Web Store Developer Support.<\/li>\n<li aria-level=\"1\">The number of breached browser extensions could rise in the following days.<\/li>\n<\/ul>\n<\/div><\/div>\n<div>\n    <section class=\"toc-sticky w-100 bg-white \">\n        <div class=\"toc-sticky__container container\">\n            <div class=\"toc-sticky__open d-flex align-items-end\" data-bs-toggle=\"collapse\"\n                 aria-controls=\"multiCollapse1\"\n                 data-bs-target=\"#multiCollapse1\">\n                <button\n                        class=\"btn btn-primary collapse-action-btn p-1 rounded-circle\"\n                        type=\"button\"\n                >\n                    <i class=\"icon-chevron-up\"><\/i>\n                <\/button>\n                <span id=\"toc-current-title\" class=\"d-flex align-items-center\">\n                    Table of Contents\n                <\/span>\n                <span class=\"toc-main-title-permanent\">Table of Contents<\/span>\n            <\/div>\n            <div\n                    class=\"collapse my-3\"\n                    id=\"multiCollapse1\"\n            >\n                <ol class=\"StepProgress\">\n                                                                        <li class=\"StepProgress-item current\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"key_takeaways\"\n                               onclick=handleScrollToTitle(\"key_takeaways\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">Key Takeaways<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"how_hackers_target_developers_to_load_malicious_code_in_legitimate_extensions\"\n                               onclick=handleScrollToTitle(\"how_hackers_target_developers_to_load_malicious_code_in_legitimate_extensions\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">How Hackers Target Developers to Load Malicious Code in Legitimate Extensions<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"what_browser_extensions_have_been_hacked\"\n                               onclick=handleScrollToTitle(\"what_browser_extensions_have_been_hacked\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">What Browser Extensions Have Been Hacked?<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"sophisticated_browser_hijack\"\n                               onclick=handleScrollToTitle(\"sophisticated_browser_hijack\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">Sophisticated Browser Hijack<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"the_bottom_line_how_to_keep_safe\"\n                               onclick=handleScrollToTitle(\"the_bottom_line_how_to_keep_safe\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">The Bottom Line: How To Keep Safe<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"faqs\"\n                               onclick=handleScrollToTitle(\"faqs\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">FAQs<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"references\"\n                               onclick=handleScrollToTitle(\"references\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">References<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                    <\/ol>\n                <div class=\"toc-sticky__container__disperse\"><\/div>\n                <div class=\"toc-sticky__btn-top justify-content-center\">\n                    <button class=\"btn btn-link d-flex align-items-center\" onclick={btnTop()}><p>Show Full Guide<\/p><img decoding=\"async\"\n                                src=\"\/wp-content\/plugins\/table-of-contents\/assets\/images\/arrow-up-circle.svg\"\n                                alt=\"arrow-up-circle\">\n                    <\/button>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/section>\n    <div class=\"toc-sticky-list\">\n        <div class=\"toc-sticky__container container\">\n            <div class=\"toc-sticky__open d-flex align-items-end\" data-bs-toggle=\"collapse\" aria-controls=\"multiCollapse2\" data-bs-target=\"#multiCollapse2\">\n                <button class=\"btn btn-primary collapse-action-btn p-1 rounded-circle\"\n                        type=\"button\">\n                    <i class=\"icon-chevron-up up\"><\/i>\n                <\/button>\n                <span id=\"toc-current-title\" class=\"d-flex align-items-center\">\n                    Table of Contents\n                <\/span>\n            <\/div>\n            <div  class=\"collapse my-3\" id=\"multiCollapse2\">\n                <ol class=\"StepProgress\">\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item current \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"key_takeaways\"\n                                   onclick=handleScrollToTitle(\"key_takeaways\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">Key Takeaways<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"how_hackers_target_developers_to_load_malicious_code_in_legitimate_extensions\"\n                                   onclick=handleScrollToTitle(\"how_hackers_target_developers_to_load_malicious_code_in_legitimate_extensions\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">How Hackers Target Developers to Load Malicious Code in Legitimate Extensions<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"what_browser_extensions_have_been_hacked\"\n                                   onclick=handleScrollToTitle(\"what_browser_extensions_have_been_hacked\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">What Browser Extensions Have Been Hacked?<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t\n\t\t\t\t\t\t <span class=\"show_moretoc\">Show Full Guide<\/span>\n\t\t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"sophisticated_browser_hijack\"\n                                   onclick=handleScrollToTitle(\"sophisticated_browser_hijack\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">Sophisticated Browser Hijack<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"the_bottom_line_how_to_keep_safe\"\n                                   onclick=handleScrollToTitle(\"the_bottom_line_how_to_keep_safe\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">The Bottom Line: How To Keep Safe<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"faqs\"\n                                   onclick=handleScrollToTitle(\"faqs\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">FAQs<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"references\"\n                                   onclick=handleScrollToTitle(\"references\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">References<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                                    <\/ol>\n            <\/div>\n            <div class=\"toc-sticky__container__disperse\"><\/div>\n        <\/div>\n    <\/div>\n<\/div>\n\n<script id=\"toc-js\">\n    window.addEventListener(\"DOMContentLoaded\", () => {\n        const header = document.querySelector(\".header_wrapper\");\n\n        const pageLegend = document.querySelector('#multiCollapse1');\n        const pageLegendList = document.querySelector('#multiCollapse2');\n        const pageLegendCollapse = new bootstrap.Collapse(pageLegend, {toggle: document.querySelector(\".toc-sticky\").classList.contains('sticky')});\n\n        \/**\n         * Changing current title\n         *\/\n        (function (pageLegend) {\n            const titleNodes = pageLegend.querySelectorAll('.StepProgress-item__link');\n\n            if (!titleNodes.length) return;\n\n            const titles = [...titleNodes].map((itm, i) => ({\n                id: itm.getAttribute('data-id'),\n                text: itm.textContent,\n                level: itm.getAttribute('data-level'),\n                linkNode: itm,\n                titleNode: document.getElementById(itm.getAttribute('data-id')),\n                index: i,\n            }));\n\n            \/**\n             * Source: https:\/\/www.sitepoint.com\/throttle-scroll-events\/\n             * @param {Function} fn\n             * @param {number} wait\n             * @returns {(function(): void)|*}\n             *\/\n            const throttle = (fn, wait) => {\n                let time = Date.now();\n                return function () {\n                    if ((time + wait - Date.now()) < 0) {\n                        fn();\n                        time = Date.now();\n                    }\n                }\n            }\n\n            const changeCurrentTitle = () => {\n                const documentScrollTop = window.pageYOffset || document.documentElement.scrollTop || document.body.scrollTop || 0;\n                let current = 0;\n\n                \/\/ Title\n                titles.forEach((itm, i) => {\n\t\t\t\t\/\/console.log(itm)\n                    const itmOffsetTop = itm.titleNode ? itm.titleNode.offsetTop - 100 : 0;\n\n                    if (documentScrollTop >= itmOffsetTop) {\n                        document.getElementById('toc-current-title').innerHTML = itm.text;\n                        document.getElementById('toc-current-title').setAttribute('data-current-id', itm.id);\n                        document.getElementById('toc-current-title').setAttribute('data-current-level', itm.level);\n                        current = i;\n                    }\n                })\n\n                \/\/ close all list and open sub list if needed\n                if (document.querySelector(\".toc-sticky\").classList.contains('sticky')) {\n                    document.querySelectorAll('.subList-in-progress').forEach((el) => {\n                        el.children[1].classList.remove('show');\n                        el.getElementsByClassName('icon-chevron-down')[0].classList.remove('up');\n                    });\n                    const currentEl = titles[current];\n                    currentEl.linkNode.classList.add('show');\n                }\n\n                titles.forEach((itm, i) => {\n                    itm.linkNode.parentNode.parentNode.classList.remove('current', 'is-done');\n                    if (current > i) {\n                        itm.linkNode.parentNode.parentNode.classList.add('is-done')\n                    };\n                    if (current === i) {\n                      itm.linkNode.parentNode.parentNode.classList.add('current');\n                    };\n                })\n\n            }\n\n            changeCurrentTitle();\n\n            document.addEventListener('scroll', throttle(changeCurrentTitle, 50));\n        })(pageLegend);\n\n\n        \/**\n         *  Collapse\n         *\/\n        (function (pageLegend, header) {\n            const icon = pageLegend.parentNode.querySelector(\".collapse-action-btn i\");\n\n            const collapseToggle = (status) => (e) => {\n                if (!e.target.isEqualNode(pageLegend)) return;\n\n                icon.classList.toggle(\"up\");\n\n                const containerHeight = pageLegend.getBoundingClientRect().height;\n\n                const showSubtitleContent = () => {\n                    const currentId = document.getElementById('toc-current-title').getAttribute('data-current-id');\n                    const currentLevel = document.getElementById('toc-current-title').getAttribute('data-current-level');\n                    const currentSubTitle = currentLevel == 3 ? document.querySelector(`a[data-id=\"${currentId}\"]`).parentNode.parentNode.parentNode : false;\n\n                    if (!currentSubTitle) return;\n                    new bootstrap.Collapse(currentSubTitle, {toggle: false}).show();\n                }\n\n                showSubtitleContent();\n                if (status === 'shown' && document.querySelector(\".toc-sticky\").classList.contains('sticky') ) {\n                    document.querySelector('html').classList.remove('overflow-hidden');\n                    pageLegend.classList.add('overflow-auto');\n                    pageLegend.style.height = `calc(100vh - ${header.getBoundingClientRect().height + document.querySelector('.toc-sticky__open').getBoundingClientRect().height + 16}px)`;\n                } else if (status === 'hide') {\n                    document.querySelector('html').classList.remove('overflow-hidden');\n                    pageLegend.classList.remove('overflow-auto');\n                    pageLegend.style.height = 'auto';\n                }\n            }\n\n            pageLegend.addEventListener('shown.bs.collapse', collapseToggle('shown'));\n            pageLegend.addEventListener('hide.bs.collapse', collapseToggle('hide'));\n        })(pageLegend, header);\n\n        \/**\n         * Collapse sub-titles\n         *\/\n        (function (pageLegend) {\n            const collapseEls = pageLegend.querySelectorAll('.collapse');\n\n            collapseEls.forEach(function (el) {\n\n                const toggleArrowDirection = function (e) {\n                    if (!e.target.isEqualNode(el)) return;\n\n                    const id = this.getAttribute('id');\n                    document.querySelector(`.collapse-action-btn[data-bs-target=\"#${id}\"] .icon-chevron-down`).classList.toggle('up');\n                }\n                el.addEventListener('shown.bs.collapse', toggleArrowDirection);\n                el.addEventListener('hide.bs.collapse', toggleArrowDirection);\n            })\n        })(pageLegend);\n\n        \/**\n         *  Collapse main title\n         *\/\n        (function (pageLegendList) {\n            const icon = pageLegendList.parentNode.querySelector(\".collapse-action-btn i\");\n\n            const collapseToggle = () => (e) => {\n                if (!e.target.isEqualNode(pageLegendList)) return;\n\n                icon.classList.toggle(\"up\");\n\n            }\n            pageLegendList.addEventListener('shown.bs.collapse', collapseToggle());\n            pageLegendList.addEventListener('hide.bs.collapse', collapseToggle());\n        })(pageLegendList);\n\n        (function (pageLegendList) {\n            const collapseEls = pageLegendList.querySelectorAll('.collapse');\n\n            collapseEls.forEach(function (el) {\n\n                const toggleArrowDirection = function (e) {\n                    if (!e.target.isEqualNode(el)) return;\n\n                    const id = this.getAttribute('id');\n                    document.querySelector(`.toc-sticky-list .collapse-action-btn[data-bs-target=\"#${id}\"] .icon-chevron-down`).classList.toggle('up');\n                }\n                el.addEventListener('shown.bs.collapse', toggleArrowDirection);\n                el.addEventListener('hide.bs.collapse', toggleArrowDirection);\n            })\n        })(pageLegendList);\n\n        \/**\n         * Sticky functionality\n         * Source: https:\/\/stackoverflow.com\/questions\/17893771\/javascript-sticky-div-after-scroll\n         *\/\n        (function (header, pageLegendCollapse) {\n            \/\/ set everything outside the onscroll event (less work per scroll)\n            const target = document.querySelector(\".toc-sticky\");\n            const targetListStatic = document.querySelector(\".toc-sticky-list\");\n\n            if (!target || !header) return;\n\n            const headerHeight = header.getBoundingClientRect().height;\n            const targetHeight = targetListStatic.getBoundingClientRect().height;\n\n            \/\/ -headerHeight so it won't be jumpy\n            const stop = targetListStatic.offsetTop + headerHeight + targetHeight;\n            const docBody =\n                document.documentElement || document.body.parentNode || document.body;\n            const hasOffset = window.pageYOffset !== undefined;\n\n            const applySticky = function () {\n                \/\/ cross-browser compatible scrollTop.\n                const scrollTop = hasOffset ? window.pageYOffset : docBody.scrollTop;\n\n                \/\/ if user scrolls to headerHeight from the top of the target div\n                if (scrollTop >= stop) {\n                    pageLegendCollapse.hide();\n                    \/\/ stick the div\n                    target.classList.add(\"sticky\");\n                    \/\/target.style.marginTop = `${headerHeight}px`;\n                } else {\n                    pageLegendCollapse.show();\n                    \/\/ release the div\n                    target.classList.remove(\"sticky\");\n                    target.style.marginTop = \"\";\n                }\n            }\n\n            applySticky();\n\n            window.addEventListener('scroll', applySticky);\n        })(header, pageLegendCollapse);\n\tjQuery('span.show_moretoc').click(function(){\n\t\tjQuery('span.show_moretoc').hide();\n\t   jQuery('.ms_hidetoc').show();\n\t});\n    });\n\n    \/\/ When the user clicks on the button, scroll to the top of the document\n    function btnTop() {\n        const pageLegend = document.querySelector('#multiCollapse1');\n        document.querySelector('html').classList.remove('overflow-hidden');\n        pageLegend.classList.remove('overflow-auto');\n        pageLegend.style.height = 'auto';\n        window.scrollTo({\n            top: 0,\n            behavior: 'smooth'\n        });\n    }\n\n    const handleScrollToTitle = (id) => {\n        const el = document.getElementById(id);\n        const headerHeightDifference = window.innerWidth < 992 ? -30 : -15;\n        window.scrollTo({\n            top: el.offsetTop - 60 - headerHeightDifference - 10,\n        });\n    }\n<\/script>\n\n<h2><span id=\"how_hackers_target_developers_to_load_malicious_code_in_legitimate_extensions\">How Hackers Target Developers to Load Malicious Code in Legitimate Extensions<\/span><\/h2>\n<figure id=\"attachment_374011\" aria-describedby=\"caption-attachment-374011\" style=\"width: 1805px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" src=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Web-Store.jpg\" alt=\"Chrome Web Store\" width=\"1805\" height=\"826\" class=\"size-full wp-image-374011\" srcset=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Web-Store.jpg 1805w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Web-Store-300x137.jpg 300w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Web-Store-1024x469.jpg 1024w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Web-Store-768x351.jpg 768w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Web-Store-1536x703.jpg 1536w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Web-Store-1200x549.jpg 1200w\" sizes=\"(max-width: 1805px) 100vw, 1805px\" \/><figcaption id=\"caption-attachment-374011\" class=\"wp-caption-text\">The Chrome Web Store is a fantastic resource of browser extensions &#8211; but some extensions have been compromised. (Screenshot)<\/figcaption><\/figure>\n<p>The California-based Cyberhaven, a data protection company, was the first to confirm the breach, followed by reports of attacks centered on <a href=\"https:\/\/www.techopedia.com\/definition\/vpn-virtual-private-network\">VPN<\/a> and <a href=\"https:\/\/www.techopedia.com\/definition\/34633\/generative-ai\">generative AI<\/a>-based browser extensions.<\/p>\n<p>By December 30, the threat campaign had affected <a href=\"https:\/\/thehackernews.com\/2024\/12\/when-good-extensions-go-bad-takeaways.html\" target=\"_blank\">at least 26 browser extensions<\/a> installed by over 2.5 million users. This number could continue to grow in the coming week.<\/p>\n<p>The unknown cybercriminals behind this campaign are exclusively targeting developers who work with the Chrome Web Store.<\/p>\n<p>Unlike other browser extension attacks, where threat actors create fake apps, this campaign infects legitimate apps with malicious code. The end goal is stealing user information at scale.<\/p>\n<p>The coordinated cyber attack against web browser extensions, which began mid-December and continues to unravel, works in a unique way.<\/p>\n<p>The cyber attack begins when <a href=\"https:\/\/www.techopedia.com\/definition\/26342\/black-hat-hacker\">black hat hackers<\/a> send <a href=\"https:\/\/www.techopedia.com\/definition\/4049\/phishing\">phishing emails<\/a> to browser extension companies and their developers. These emails impersonate Google Chrome Web Store Developer Support and mislead and pressure developers by falsely claiming that their \u201cextension is at imminent risk of removal\u201d due to \u201ca violation of Developer Program Policies\u201d.<\/p>\n<p>The email is a lure to trick developers into giving away sensitive data, which is later used to load malicious code into a legitimate app to steal users\u2019 cookies and access tokens.<\/p>\n<h2><span id=\"what_browser_extensions_have_been_hacked\">What Browser Extensions Have Been Hacked?<\/span><\/h2>\n<p>Cybersecurity researchers from <a href=\"https:\/\/secureannex.com\/blog\/cyberhaven-extension-compromise\/\" target=\"_blank\">Secure Annex<\/a> listed the following browser extensions as impacted, some of which have been since patched from the Chrome App Store:<\/p>\n<div class=\"su-note\"  style=\"border-color:#e5e54c;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;\"><div class=\"su-note-inner su-u-clearfix su-u-trim\" style=\"background-color:#FFFF66;border-color:#ffffff;color:#333333;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;\">\n<ul>\n<li aria-level=\"1\">VPNCity<\/li>\n<li aria-level=\"1\">Parrot Talks<\/li>\n<li aria-level=\"1\">Uvoice<\/li>\n<li aria-level=\"1\">Internxt VPN<\/li>\n<li aria-level=\"1\">Bookmark Favicon Changer<\/li>\n<li aria-level=\"1\">Castorus<\/li>\n<li aria-level=\"1\">Wayin AI<\/li>\n<li aria-level=\"1\">Search Copilot AI Assistant for Chrome<\/li>\n<li aria-level=\"1\">VidHelper &#8211; Video Downloader<\/li>\n<li aria-level=\"1\">AI Assistant &#8211; ChatGPT and Gemini for Chrome<\/li>\n<li aria-level=\"1\">Vidnoz Flex &#8211; Video recorder &amp; Video share<\/li>\n<li aria-level=\"1\">TinaMind &#8211; The GPT-4o-powered AI Assistant!<\/li>\n<li aria-level=\"1\">Bard AI chat<\/li>\n<li aria-level=\"1\">Reader Mode<\/li>\n<li aria-level=\"1\">Primus (prev. PADO)<\/li>\n<li aria-level=\"1\">Tackker &#8211; online keylogger tool<\/li>\n<li aria-level=\"1\">AI Shop Buddy<\/li>\n<li aria-level=\"1\">Sort by Oldest<\/li>\n<li aria-level=\"1\">Rewards Search Automator<\/li>\n<li aria-level=\"1\">Earny &#8211; Up to 20% Cash Back<\/li>\n<li aria-level=\"1\">ChatGPT Assistant &#8211; Smart Search<\/li>\n<li aria-level=\"1\">Keyboard History Recorder<\/li>\n<li aria-level=\"1\">Email Hunter<\/li>\n<li aria-level=\"1\">Visual Effects for Google Meet<\/li>\n<li aria-level=\"1\">Cyberhaven security extension V3<\/li>\n<li aria-level=\"1\">GraphQL Network Inspector<\/li>\n<li aria-level=\"1\">GPT 4 Summary with OpenAI<\/li>\n<li aria-level=\"1\">Vidnoz Flex &#8211; Video recorder &amp; Video share<\/li>\n<li aria-level=\"1\">YesCaptcha assistant<\/li>\n<\/ul>\n<\/div><\/div>\n<p>The total number of users of these web browser extensions is over 2.5 million people. The number of breached browser extensions could rise in the following days.<\/p>\n<p>Analysis of the malicious code found that C2 attacker-controlled servers are being used to steal data. Additionally, a large number of redirects to malicious domains have been found.<\/p>\n<p>Cybersecurity researchers are still trying to figure out most of the malicious code and what it does, as the hackers strongly obfuscated the code.<\/p>\n<p>There are reports of <a href=\"https:\/\/www.techopedia.com\/definition\/threat-actor\">threat actors<\/a> also stealing <a href=\"https:\/\/www.techopedia.com\/definition\/4910\/session-cookie\">session cookies<\/a> in this campaign to bypass users\u2019 Google 2FA sessions.<\/p>\n<p>The malicious code in this campaign redirects users to fake and malicious sites through search query takeovers and redirections. This can lead to identity and credential theft, activity tracking, and remote command execution.<\/p>\n<p>Basically, threat actors can take over users\u2019 browsers.<\/p>\n<h2><span id=\"sophisticated_browser_hijack\">Sophisticated Browser Hijack<\/span><\/h2>\n<p>To date, it is unknown who is the actor behind this wave of cyber attacks against browser extension developers.<\/p>\n<p>As the techniques used by attackers continue to develop, other threat actors may join in, seizing the opportunity.<\/p>\n<p>While many affected developers reported email phishing as the attack vector, it is possible that other infiltration methods have been deployed.<\/p>\n<p>Browser extension hijacking is not uncommon. However, loading malicious code into legitimate apps is something not seen every day in cybersecurity.<\/p>\n<p>Browser extensions on Chrome\u2019s official site are being removed to prevent users from downloading extensions that are operating as <a href=\"https:\/\/www.techopedia.com\/definition\/4015\/malicious-software-malware\">malware<\/a>. In the meantime, developers work on and deploy patches.<\/p>\n<p>Due to the scale of this attack, cybersecurity teams and companies are still playing catch up. An automated vector of attack could be the reason why this attack is scaling fast.<\/p>\n<p>It&#8217;s clear that threat actors have in their hands a long list of emails belonging to browser extension developers. These are most likely being fed to automated phishing tools, speeding the distribution of the campaign.<\/p>\n<p>Developer emails are publicly listed on Chrome Store but these emails are usually used to report bugs. It is unclear if the threat actor has obtained information belonging to developers from another breach or leak.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/tramdas\/?originalSubdomain=au\" target=\"_blank\"><strong>Tirath Ramdas<\/strong><\/a><strong>, AI software developer and founder of <\/strong><a href=\"http:\/\/chamomile.ai\" target=\"_blank\"><strong>Chamomile.ai<\/strong><\/a>, spoke to Techopedia about browser extension security.<\/p>\n<blockquote><p>\u201cThere is a perception that browser extensions are plugins and, as such, would not be capable of much harm.<\/p>\n<p>&nbsp;<\/p>\n<p>\u201cBut in reality, browser extensions and web service workers sit in a highly privileged position, potentially intercepting the visible and non-visible content related to every web page viewed by the user.\u201d<\/p><\/blockquote>\n<p>Ramdas said that consumers have become more aware of the risks around downloading and running software from the Internet, and browsers and operating systems like Windows and MacOS do a good job of protecting users from malware.<\/p>\n<p>\u201cBut this awareness and protection does not extend to browser extensions,\u201d Ramdas said.<\/p>\n<h2><span id=\"the_bottom_line_how_to_keep_safe\">The Bottom Line: How To Keep Safe<\/span><\/h2>\n<p>Because a significant number of websites, IPs, and domains have been linked to this widespread campaign, and different hacking techniques have also been identified, there is no single security patch or unique solution that users or developers can deploy as a silver bullet.<\/p>\n<p>If you are a user and have downloaded one of the impacted browser extensions we recommend you uninstall it, clear your browser cache, and reinstall the extension if patched.<\/p>\n<p>Additionally, you might want to look at your browser extensions\u2019 permissions. Changing your password and enabling multi-factor authentication may be a burden but it is a necessary step for those impacted.<\/p>\n<p>On the other hand, developers and browser extension companies have a harder road ahead. They must audit their browser extensions to double-check the integrity of their extensions.<\/p>\n<p>They must also look for suspicious activity and spread the word among developers to watch out for phishing.<\/p>\n<p>Browsers are considered a treasure trove for cybercriminals, as they store a wide range of personal information.<\/p>\n<p>Remember, only install browser extensions you are familiar with. Stay away from extensions with a low number of users, and read the users\u2019 reviews before installing it on your browser.<\/p>\n<h2><span id=\"faqs\">FAQs<\/span><\/h2>\n<div class=\"man_faq_sec\" itemscope itemtype=\"https:\/\/schema.org\/FAQPage\"><\/time><section class=\"ms_faq ms_card \" ><div itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\"><div class=\"accordionButton\"><h3 itemprop=\"name\">What is the scale of the Chrome browser extension cyberattack?<\/h3> <\/div>\n<div class=\"accordionContent\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" style=\"display:none;\"><p itemprop=\"text\">Over 2.5 million users are at risk, with at least 26 extensions compromised.<\/p>\r\n                <\/div><\/div><\/section>\n<section class=\"ms_faq ms_card \" ><div itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\"><div class=\"accordionButton\"><h3 itemprop=\"name\">How are hackers compromising Chrome extensions?<\/h3> <\/div>\n<div class=\"accordionContent\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" style=\"display:none;\"><p itemprop=\"text\">Hackers use phishing emails impersonating Google Chrome Web Store Developer Support to trick developers into leaking sensitive information.<\/p>\r\n                <\/div><\/div><\/section>\n<section class=\"ms_faq ms_card \" ><div itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\"><div class=\"accordionButton\"><h3 itemprop=\"name\">What should I do if I\u2019ve installed a compromised extension?<\/h3> <\/div>\n<div class=\"accordionContent\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" style=\"display:none;\"><p itemprop=\"text\">Uninstall the extension, clear your cache, reinstall if patched, and update your passwords while enabling multi-factor authentication.<\/p>\r\n                <\/div><\/div><\/section>\n<section class=\"ms_faq ms_card \" ><div itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\"><div class=\"accordionButton\"><h3 itemprop=\"name\">What data can hackers access through compromised extensions?<\/h3> <\/div>\n<div class=\"accordionContent\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" style=\"display:none;\"><p itemprop=\"text\">Hackers can access cookies, tokens, and browsing history and potentially bypass two-factor authentication protections.<\/p>\r\n                <\/div><\/div><\/section>\n<section class=\"ms_faq ms_card \" ><div itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\"><div class=\"accordionButton\"><h3 itemprop=\"name\">How can users avoid downloading malicious Chrome extensions?<\/h3> <\/div>\n<div class=\"accordionContent\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" style=\"display:none;\"><p itemprop=\"text\">Stick to extensions with a high number of users and positive reviews, and regularly check permissions for suspicious activity.<\/p>\r\n                <\/div><\/div><\/section>\n<section class=\"ms_faq ms_card \" ><div itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\"><div class=\"accordionButton\"><h3 itemprop=\"name\">How can developers protect their browser extensions?<\/h3> <\/div>\n<div class=\"accordionContent\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" style=\"display:none;\"><p itemprop=\"text\">Developers need to audit their extensions, monitor for suspicious activity, and avoid phishing scams by verifying email sources.<\/p>\r\n                <\/div><\/div><\/section>\n<div class=\"reference-content\">\n<div class=\"reference-heading reference-content-collapsible-heading\">\n<h2><span id=\"references\">References<\/span><\/h2>\n<\/div>\n<div class=\"reference-content-body\">\n<ol>\n<li><a href=\"https:\/\/thehackernews.com\/2024\/12\/when-good-extensions-go-bad-takeaways.html\" target=\"_blank\" rel=\"noopener\">When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions<\/a> (Hacker News)<\/li>\n<li><a href=\"https:\/\/secureannex.com\/blog\/cyberhaven-extension-compromise\/\" target=\"_blank\" rel=\"noopener\">Secure Annex &#8211; Enterprise Browser Extension Security &amp; Management Platform<\/a> (Secure Annex)<\/li>\n<li><a href=\"https:\/\/www.linkedin.com\/in\/tramdas\/?originalSubdomain=au\" target=\"_blank\" rel=\"noopener\">Tirath Ramdas &#8211; Chamomile.ai | LinkedIn<\/a> (Linkedin)<\/li>\n<li><a href=\"http:\/\/chamomile.ai\" target=\"_blank\" rel=\"noopener\">Chamomile.ai<\/a> (Chamomile)<\/li>\n<\/ol>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Cybercriminals have unleashed a large-scale attack on popular Chrome browser extensions, potentially compromising more than 2.5 million users\u2019 data. Rather than relying on the popular tactic of creating fake extensions in the Chrome Web Store, this campaign infects legitimate apps with malicious code. As of December 30, 2024, at least 26 widely used extensions have [&hellip;]<\/p>\n","protected":false},"author":286688,"featured_media":374016,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_lmt_disableupdate":"","_lmt_disable":"","om_disable_all_campaigns":false,"footnotes":""},"categories":[585,548],"tags":[],"category_partsoff":[],"class_list":["post-374002","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-threats","category-cybersecurity"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.2 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>25+ Chrome Browser Extensions Hacked, 2.5M Users at Risk - Techopedia<\/title>\n<meta name=\"description\" content=\"A new cyberattack is breaching Chrome browser extensions to steal users&#039; data after phishing scams caught developers out.\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"25+ Chrome Browser Extensions Hacked, 2.5M Users at Risk\" \/>\n<meta property=\"og:description\" content=\"A new cyberattack is breaching Chrome browser extensions to steal users&#039; data after phishing scams caught developers out.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked\" \/>\n<meta property=\"og:site_name\" content=\"Techopedia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techopedia\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-31T10:17:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-31T10:19:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Extensions.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"686\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ray Fernandez\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techopedia\" \/>\n<meta name=\"twitter:site\" content=\"@techopedia\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ray Fernandez\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked\"},\"author\":{\"name\":\"Ray Fernandez\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/687890072e5e44867899acd7d6176e6c\"},\"headline\":\"25+ Chrome Browser Extensions Hacked, 2.5M Users at Risk\",\"datePublished\":\"2024-12-31T10:17:17+00:00\",\"dateModified\":\"2024-12-31T10:19:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked\"},\"wordCount\":1428,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Extensions.jpg\",\"articleSection\":\"\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#respond\"]}],\"copyrightYear\":\"2024\",\"copyrightHolder\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked\",\"url\":\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked\",\"name\":\"25+ Chrome Browser Extensions Hacked, 2.5M Users at Risk - Techopedia\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Extensions.jpg\",\"datePublished\":\"2024-12-31T10:17:17+00:00\",\"dateModified\":\"2024-12-31T10:19:48+00:00\",\"description\":\"A new cyberattack is breaching Chrome browser extensions to steal users' data after phishing scams caught developers out.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#primaryimage\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Extensions.jpg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Extensions.jpg\",\"width\":1200,\"height\":686,\"caption\":\"Chrome Extensions Compromised\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techopedia.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Threats\",\"item\":\"https:\/\/www.techopedia.com\/topic\/220\/cyber-threats\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"25+ Chrome Browser Extensions Hacked, 2.5M Users at Risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techopedia.com\/#website\",\"url\":\"https:\/\/www.techopedia.com\/\",\"name\":\"Techopedia\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techopedia.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.techopedia.com\/#organization\",\"name\":\"Techopedia\",\"url\":\"https:\/\/www.techopedia.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg\",\"caption\":\"Techopedia\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/techopedia\/\",\"https:\/\/x.com\/techopedia\",\"https:\/\/www.linkedin.com\/company\/techopedia\/\",\"https:\/\/www.youtube.com\/c\/Techopedia\"],\"publishingPrinciples\":\"https:\/\/www.techopedia.com\/about\/editorial-policy\",\"ownershipFundingInfo\":\"https:\/\/www.techopedia.com\/about\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/687890072e5e44867899acd7d6176e6c\",\"name\":\"Ray Fernandez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/10\/avatar_user_286688_1698354675-300x300.jpg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/10\/avatar_user_286688_1698354675-300x300.jpg\",\"caption\":\"Ray Fernandez\"},\"description\":\"Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/ray-fernandez\/\"],\"knowsAbout\":[\"Senior Technology Journalist\"],\"url\":\"https:\/\/www.techopedia.com\/contributors\/rayfernandez\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"25+ Chrome Browser Extensions Hacked, 2.5M Users at Risk - Techopedia","description":"A new cyberattack is breaching Chrome browser extensions to steal users' data after phishing scams caught developers out.","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"25+ Chrome Browser Extensions Hacked, 2.5M Users at Risk","og_description":"A new cyberattack is breaching Chrome browser extensions to steal users' data after phishing scams caught developers out.","og_url":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked","og_site_name":"Techopedia","article_publisher":"https:\/\/www.facebook.com\/techopedia\/","article_published_time":"2024-12-31T10:17:17+00:00","article_modified_time":"2024-12-31T10:19:48+00:00","og_image":[{"width":1200,"height":686,"url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Extensions.jpg","type":"image\/jpeg"}],"author":"Ray Fernandez","twitter_card":"summary_large_image","twitter_creator":"@techopedia","twitter_site":"@techopedia","twitter_misc":{"Written by":"Ray Fernandez","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#article","isPartOf":{"@id":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked"},"author":{"name":"Ray Fernandez","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/687890072e5e44867899acd7d6176e6c"},"headline":"25+ Chrome Browser Extensions Hacked, 2.5M Users at Risk","datePublished":"2024-12-31T10:17:17+00:00","dateModified":"2024-12-31T10:19:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked"},"wordCount":1428,"commentCount":0,"publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"image":{"@id":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Extensions.jpg","articleSection":"","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#respond"]}],"copyrightYear":"2024","copyrightHolder":{"@id":"https:\/\/www.techopedia.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked","url":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked","name":"25+ Chrome Browser Extensions Hacked, 2.5M Users at Risk - Techopedia","isPartOf":{"@id":"https:\/\/www.techopedia.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#primaryimage"},"image":{"@id":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Extensions.jpg","datePublished":"2024-12-31T10:17:17+00:00","dateModified":"2024-12-31T10:19:48+00:00","description":"A new cyberattack is breaching Chrome browser extensions to steal users' data after phishing scams caught developers out.","breadcrumb":{"@id":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#primaryimage","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Extensions.jpg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/12\/Chrome-Extensions.jpg","width":1200,"height":686,"caption":"Chrome Extensions Compromised"},{"@type":"BreadcrumbList","@id":"https:\/\/www.techopedia.com\/chrome-browser-extensions-hacked#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techopedia.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity"},{"@type":"ListItem","position":3,"name":"Cyber Threats","item":"https:\/\/www.techopedia.com\/topic\/220\/cyber-threats"},{"@type":"ListItem","position":4,"name":"25+ Chrome Browser Extensions Hacked, 2.5M Users at Risk"}]},{"@type":"WebSite","@id":"https:\/\/www.techopedia.com\/#website","url":"https:\/\/www.techopedia.com\/","name":"Techopedia","description":"","publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techopedia.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.techopedia.com\/#organization","name":"Techopedia","url":"https:\/\/www.techopedia.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg","caption":"Techopedia"},"image":{"@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techopedia\/","https:\/\/x.com\/techopedia","https:\/\/www.linkedin.com\/company\/techopedia\/","https:\/\/www.youtube.com\/c\/Techopedia"],"publishingPrinciples":"https:\/\/www.techopedia.com\/about\/editorial-policy","ownershipFundingInfo":"https:\/\/www.techopedia.com\/about"},{"@type":"Person","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/687890072e5e44867899acd7d6176e6c","name":"Ray Fernandez","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/10\/avatar_user_286688_1698354675-300x300.jpg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/10\/avatar_user_286688_1698354675-300x300.jpg","caption":"Ray Fernandez"},"description":"Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.","sameAs":["https:\/\/www.linkedin.com\/in\/ray-fernandez\/"],"knowsAbout":["Senior Technology Journalist"],"url":"https:\/\/www.techopedia.com\/contributors\/rayfernandez"}]}},"modified_by":"arina livanenkova","_links":{"self":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/374002","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/users\/286688"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/comments?post=374002"}],"version-history":[{"count":7,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/374002\/revisions"}],"predecessor-version":[{"id":374255,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/374002\/revisions\/374255"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media\/374016"}],"wp:attachment":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media?parent=374002"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/categories?post=374002"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/tags?post=374002"},{"taxonomy":"category_partsoff","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/category_partsoff?post=374002"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}