Cybersecurity firm reports data theft from hijacked Chrome extensions

At least five Chrome extensions were compromised in a coordinated attack that injected malicious code to steal user data. Cyberhaven, a cybersecurity firm, reported the breach on December 24 after a phishing attack targeted an administrator's account. The attacker published a harmful version of Cyberhaven's extension, which could exfiltrate sensitive information. Cyberhaven removed the malicious version within an hour and released a clean update on December 26. Following this incident, other extensions were also found to contain similar malicious code. Users are advised to uninstall affected extensions or update to safe versions and take steps to secure their accounts.