
SquareX Researchers Uncover OAuth Attack on Chrome Extensions Shortly Before Major Breach


In recent news from Palo Alto, California, SquareX, an innovative Browser Detection and Response (BDR) solution, has made headlines for leading the way in browser security. The company recently reported a series of large-scale attacks targeting Chrome Extension developers with the goal of taking control of extensions from the Chrome Store.

The incident occurred on December 25th, 2024, when a malicious version of Cyberhaven’s browser extension was published on the Chrome Store. This malicious extension allowed the attacker to hijack authenticated sessions and steal confidential information. It remained available for download for over 30 hours before Cyberhaven removed it. At the time of the attack, the extension had over 400,000 users on the Chrome Store.

This attack comes at a time when SquareX researchers had just identified a similar vulnerability and demonstrated the attack pathway in a video. The attack typically begins with a phishing email impersonating the Chrome Store, claiming a violation of the platform’s “Developer Agreement” and urging the recipient to accept policies to prevent their extension from being removed. By tricking users into connecting their Google account to a fake “Privacy Policy Extension,” attackers can gain access to edit, update, and publish extensions on the developers’ accounts.
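A defender-side check for the consent-phishing path described above, as an added example that is not from SquareX or the original article: it scans OAuth grant records for the Chrome Web Store publishing scope being granted to an app that is not on an approved list. The record layout, account names and client IDs are constructed assumptions; map the fields to whatever your identity provider's token audit log emits.

```python
# Added example: field names, accounts and client IDs are constructed assumptions.
# Scope that lets an OAuth app edit, update and publish Chrome Web Store items.
CWS_SCOPE = "https://www.googleapis.com/auth/chromewebstore"

def _scopes(value):
    """Normalize a scope field given as a list or a space-delimited string."""
    if isinstance(value, str):
        return set(value.split())
    return set(value or [])

def flag_risky_grants(events, approved_clients, publisher_accounts):
    """Flag grants of the publishing scope to OAuth clients not on the approved list."""
    findings = []
    for ev in events:
        if ev.get("event") != "authorize":
            continue  # revocations and other events are not new grants
        if CWS_SCOPE not in _scopes(ev.get("scope")):
            continue  # exact match, so unrelated scopes never trigger
        if ev.get("client_id") in approved_clients:
            continue  # e.g. the team's own release pipeline
        # A grant by an account that actually publishes extensions is the worst case.
        severity = "critical" if ev.get("user") in publisher_accounts else "high"
        findings.append({"user": ev.get("user"), "app_name": ev.get("app_name"),
                         "client_id": ev.get("client_id"), "severity": severity})
    return findings

# Constructed sample records (not real log output).
SAMPLE_EVENTS = [
    {"event": "authorize", "user": "dev1@example.com", "app_name": "Release Pipeline",
     "client_id": "release-pipeline.example", "scope": [CWS_SCOPE]},
    {"event": "authorize", "user": "dev2@example.com", "app_name": "Privacy Policy Extension",
     "client_id": "unknown-app-1.example", "scope": "openid " + CWS_SCOPE},
    {"event": "authorize", "user": "sales@example.com", "app_name": "Calendar Helper",
     "client_id": "unknown-app-2.example",
     "scope": ["https://www.googleapis.com/auth/userinfo.email"]},
    {"event": "authorize", "user": "intern@example.com", "app_name": "Privacy Policy Extension",
     "client_id": "unknown-app-1.example", "scope": [CWS_SCOPE]},
    {"event": "revoke", "user": "dev2@example.com", "app_name": "Privacy Policy Extension",
     "client_id": "unknown-app-1.example", "scope": [CWS_SCOPE]},
]
APPROVED = {"release-pipeline.example"}
PUBLISHERS = {"dev1@example.com", "dev2@example.com"}

if __name__ == "__main__":
    for finding in flag_risky_grants(SAMPLE_EVENTS, APPROVED, PUBLISHERS):
        print(finding)
```

A finding of either severity warrants revoking the app's token and reviewing the account's recent Chrome Store publishing activity.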

The rise of such attacks highlights the increasing popularity of extensions as a way for attackers to gain initial access. Organizations often have limited visibility into the browser extensions used by their employees, making them vulnerable to such attacks. Even stringent security teams may not monitor updates to whitelisted extensions, leaving them exposed to potential threats.

SquareX has conducted extensive research, showcasing at DEFCON 32 how MV3-compliant extensions can be used for malicious purposes. Attackers can disguise harmful extensions as harmless ones, making it challenging for security teams to detect and prevent such threats. In Cyberhaven’s case, attackers were able to steal company credentials across multiple websites and web apps through the malicious extension.

Given that developer emails are publicly listed on the Chrome Store, attackers can easily target multiple developers simultaneously. Even extensions from larger companies may not be immune to such attacks, as support emails are typically routed to individual developers who may lack the necessary security awareness to detect phishing attempts.

In response to these threats, SquareX’s Browser Detection and Response (BDR) solution offers a comprehensive approach to browser security. The solution aims to block unauthorized interactions, suspicious updates, and installations of malicious extensions, providing organizations with visibility and control over the extensions used by their employees.

SquareX founder Vivek Ramachandran warns of the increasing prevalence of identity attacks targeting browser extensions and calls for companies to remain vigilant to mitigate supply chain risks. As employees rely more on browser-based tools for productivity, the risk of such attacks is expected to grow, requiring organizations to equip themselves with the right security measures.

SquareX’s industry-leading BDR solution helps organizations detect and respond to client-side web attacks in real-time, safeguarding users against a range of threats. With its attack-focused approach to browser security, SquareX ensures that enterprise users are protected against advanced threats, providing a secure browsing experience for all users.

As the threat landscape continues to evolve, organizations must prioritize browser security to prevent potential breaches and protect sensitive information. By investing in robust security solutions like SquareX’s BDR, companies can safeguard their digital assets and maintain a secure browsing environment for employees and users.
