SquareX has revealed a critical browser security incident targeting Chrome Extension developers, leading to a major compromise of Cyberhaven’s browser extension.
SquareX reported that a malicious version of Cyberhaven’s browser extension was published on the Chrome Store on 25 December 2024. This incident enabled attackers to hijack authenticated sessions and exfiltrate sensitive information. Despite the compromised extension being removed after 30 hours, over 400,000 users were affected.
SquareX researchers had demonstrated the attack pathway via a video a week prior to the breach, identifying an OAuth-based attack aimed at seizing control of Chrome Extensions from the Chrome Store. The attack lures developers through phishing emails that impersonate official…