Researchers identify 33 malicious Chrome extensions stealing data from millions of users

Researchers have found 33 malicious Chrome extensions that have been stealing sensitive data from about 2.6 million devices for up to 18 months. The issue was highlighted when a compromised extension used by Cyberhaven was updated to include harmful code. The malicious extension was available for 31 hours over the Christmas holiday. During this time, Chrome browsers automatically downloaded the harmful update, which targeted user credentials and browsing history. Cyberhaven quickly released updated versions of their extension to address the issue. The malicious code was linked to a phishing email sent to the extension's developers, falsely claiming compliance issues with Google’s terms.