SquareX, a leading Browser Detection and Response (BDR) solution provider, made headlines recently in connection with a series of large-scale attacks targeting Chrome Extension developers. The attacks were aimed at taking over developers' extensions on the Chrome Store and compromising user data.
The incident, which occurred on December 25th, 2024, involved a malicious version of Cyberhaven’s browser extension being published on the Chrome Store. This malicious extension allowed attackers to hijack authenticated sessions and steal confidential information from users. The extension was available for download for over 30 hours before Cyberhaven removed it. At the time of the attack, the extension had over 400,000 users on the Chrome Store.
SquareX researchers had identified a similar attack just a week before the Cyberhaven breach. The attack involved a phishing email impersonating the Chrome Store, prompting recipients to connect their Google account to a fake “Privacy Policy Extension.” This granted attackers access to edit, update, and publish extensions on the developer’s account.
The attack highlighted the vulnerabilities associated with browser extensions, as they have become a popular entry point for cyber attackers. Even organizations with robust security measures often struggle to monitor and control extensions’ behavior once they are whitelisted.
SquareX demonstrated at DEFCON 32 how seemingly harmless extensions can be used to steal sensitive data, add collaborators, and hijack sessions. The company warned that attackers could easily convert benign extensions into malicious ones post-installation, as seen in the Cyberhaven breach.
The breach emphasized the importance of carefully vetting and monitoring browser extensions. SquareX urged companies and individuals to scrutinize extension requests and updates before installation to prevent future attacks.
To address these security concerns, SquareX offers a BDR solution that focuses on detecting and responding to browser-based threats in real-time. The solution aims to block unauthorized interactions and detect suspicious extension updates or installations. It provides full visibility into all extensions being used and offers a streamlined approval process based on company policies.
SquareX’s founder, Vivek Ramachandran, warned that identity attacks targeting browser extensions would become more prevalent as employees rely on browser-based tools for work. He emphasized the need for companies to remain vigilant and minimize supply chain risks without compromising productivity.
In conclusion, the Cyberhaven breach serves as a reminder of the ongoing threat landscape facing browser extensions. By implementing robust security measures and leveraging solutions like SquareX’s BDR, organizations can protect themselves against advanced threats and safeguard their users’ data.
