Hackers Exploit Chrome Extensions Across Multiple Companies, Experts Reveal

A wide-ranging hacking campaign has compromised Chrome browser extensions used by several companies, cybersecurity experts warned on Wednesday. The attacks, believed to have begun in mid-December, have impacted organizations across various industries, including data protection and artificial intelligence.

One of the affected companies, California-based Cyberhaven, confirmed the breach in a statement shared with The Independent Beacon. The company reported that its widely used Chrome extension, which assists clients in safeguarding sensitive business information, was infiltrated by attackers on December 23.

“We can confirm that our Chrome extension was targeted in a malicious attack,” Cyberhaven stated. “Preliminary investigations suggest that this incident is part of a broader operation aimed at Chrome extension developers worldwide. We are working closely with federal law enforcement and leading cybersecurity firms to mitigate the impact and secure our systems.”

Browser extensions, typically designed to enhance web browsing by providing additional functionality—such as password management or coupon application—have increasingly become a target for cybercriminals. In this case, compromised extensions are suspected of being used to extract sensitive data or gain unauthorized access to user accounts.

Cybersecurity expert Lina Morales of Sentinel Systems described the campaign as “alarming,” noting that the attackers seemed to prioritize quantity over specificity.

“From what we’ve observed, this is not a targeted campaign against a single company or industry. Instead, it’s a scattershot approach aimed at compromising as many extensions as possible to collect diverse forms of sensitive data,” Morales explained. “Extensions related to virtual private networks, cloud storage, and AI tools have all been affected.”

Among the other companies reportedly impacted is Chicago-based InnovateAI, whose extension enables machine learning integration within web applications. InnovateAI confirmed the breach to The Independent Beacon, stating that the attack occurred on December 20 and prompted an immediate takedown of the compromised software.

While the full extent of the hacks remains unclear, analysts believe the campaign’s scope may be global. Alphabet Inc. (NASDAQ: GOOGL), the developer of Chrome, has yet to respond to requests for comment. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also declined to elaborate, deferring inquiries to the affected companies.

“This incident underscores the risks associated with third-party extensions,” Morales added. “Users should exercise caution and ensure extensions are downloaded from reputable sources and kept up to date.”

As investigations continue, experts recommend businesses review their cybersecurity protocols, particularly those related to third-party software integrations, to safeguard against similar threats in the future.