Cyberhaven reports hack that led to malicious Chrome extension update

Cyberhaven, a data-loss prevention startup, reported a cyberattack that allowed hackers to publish a malicious update to its Chrome extension. This update could steal sensitive information, including passwords and session tokens, from users. The attack occurred on December 25, when hackers compromised a company account to release the harmful extension. Cyberhaven quickly removed the malicious version and released a legitimate update. The company is reviewing its security practices and has hired an incident response firm. Cyberhaven indicated that this incident is part of a broader campaign targeting Chrome extension developers. Other extensions may have also been compromised, but details on the extent of the attacks and responsible parties remain unclear.