logo
welcome
About us
Newsletter
News Widget
Media Inquiries

Summary

Chrome Extensions Steal Data

This is a news story, published by Ars Technica, that relates primarily to Chrome news.

Chrome news

For more Chrome news, you can click here:

more Chrome news

News about operating systems

For more operating systems news, you can click here:

more operating systems news

Ars Technica news

For more news from Ars Technica, you can click here:

more news from Ars Technica

About the Otherweb

Otherweb, Inc is a public benefit corporation, dedicated to improving the quality of news people consume. We are non-partisan, junk-free, and ad-free. We use artificial intelligence (AI) to remove junk from your news feed, and allow you to select the best tech news, business news, entertainment news, and much more. If you like this article about operating systems, you might also like this article about

malicious extensions

. We are dedicated to bringing you the highest-quality news, junk-free and ad-free, about your favorite topics. Please come every day to read the latest Cyberhaven security extension V3 news, malicious extension version news, news about operating systems, and other high-quality news about any topic that interests you. We are working hard to create the best news aggregator on the web, and to put you in control of your news feed - whether you choose to read the latest news through our website, our news app, or our daily newsletter - all free!

malicious extension
Ars Technica

Ars Technica

Time to check if you ran any of these 33 malicious Chrome extensions

Ars Technica
Summary
Nutrition label

75% Informative

At least 33 browser extensions hosted in Google ’s Chrome Web Store were surreptitiously siphoning sensitive data from 2.6 million devices.

The compromises came to light with the discovery by data loss prevention service Cyberhaven that a Chrome extension used by 400,000 of its customers had been updated with code that stole their sensitive data.

The malicious extension, available as version 24.10.4 , was available for 31 hours , starting on December 25 at 1:32 AM UTC to Dec 26 at 2:50 AM UTC .

Reader Mode is one of 13 Chrome extensions known to have used the library to collect potentially sensitive data.

The source of the compromise appears to be a code library developers can use to monetize their extensions.

In exchange for incorporating the library into the extensions, developers receive a commission from the library creator.

Cyberhaven customers have been infected with malicious extensions for Chrome and Firefox extensions.

The extensions have long remained a weak link in the security chain.

In 2019 , extensions caught stealing sensitive data from 4 million devices.

Anyone who ran one of these compromised extensions should carefully consider changing passwords and other authentication credentials.

VR Score

70

Informative language

65

Neutral language

39

Article tone

formal

Language

English

Language complexity

53

Offensive language

not offensive

Hate speech

not hateful

Attention-grabbing headline

not detected

Known propaganda techniques

not detected

Time-value

medium-lived

External references

4

https://secureannex.com/blog/cyberhaven-extension-compromise/https://www.cyberhaven.com/blog/cyberhavens-chrome-extension-security-incident-and-what-were-doing-about-ithttps://www.vulnu.com/p/breaking-cyberhaven-chrome-extension-compromisedhttps://web.archive.org/web/20241227171802/https://chromewebstore.google.com/detail/cyberhaven-security-exten/pajkjnmeojmbapicmbpliphjmcekeaac

Source diversity

4

secureannex.comwww.cyberhaven.comwww.vulnu.comweb.archive.org

Affiliate links

no affiliate links

Read full article