Hack Reports - Latest Cybersecurity News, Trends & Updates

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

Geetansh -

Latest News on Chrome Extensions Hacked and Browser Extension Security Vulnerabilities

Key Highlights:

  1. Compromised Chrome Extensions:

    • At least five Chrome extensions were compromised in a coordinated attack, with malicious actors injecting code designed to steal users' data14.

  2. Affected Extensions:

    • The compromised extensions include Internxt VPN, ParrotTalks, Uvoice, and VPNCity, which have hundreds of thousands of users5.

  3. Data Theft:

    • The attack aimed to steal users' data, highlighting the importance of browser extension security and regular updates14.

  4. Security Measures:

    • Google is using artificial intelligence to power a new Chrome scam protection feature that analyzes brands and the intent of pages as you browse the web, aiming to enhance browser security4.

  5. Recent Vulnerabilities:

    • Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers4.

  6. Ongoing Threats:

    • A new Microsoft 365 phishing-as-a-service platform called "FlowerStorm" is growing in popularity, filling the void left behind by the sudden shutdown of the Rockstar2FA cybercrime service4.

Detailed Context:

The recent hacking of Chrome extensions underscores the need for robust security measures in browser extensions. Here are some key points:

  • Compromised Extensions: The attack on these extensions highlights the vulnerability of popular browser extensions to data theft. Users are advised to regularly check for updates and ensure that their extensions are from trusted sources14.

  • Affected Users: Extensions like Internxt VPN, ParrotTalks, Uvoice, and VPNCity have been compromised, affecting hundreds of thousands of users. This emphasizes the scale of the issue and the potential impact on user data5.

  • Google's Response: Google is actively working to enhance browser security. The introduction of AI-powered scam protection features aims to analyze the intent of pages and protect users from phishing attempts4.

  • npm Package Compromise: The compromise of npm packages like @rspack/core, @rspack/cli, and Vant demonstrates how supply chain attacks can lead to widespread vulnerabilities. This underscores the importance of securing the entire software development lifecycle4.

Trustworthy Citations:

  1. BleepingComputer: "At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code designed to steal users' data"1.
  2. BleepingComputer: "Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers"4.
  3. DesignTaxi: "Several popular extensions, including Internxt VPN, ParrotTalks, Uvoice, and VPNCity, were compromised by malicious actors who injected code designed to steal users' data"5.

These sources provide comprehensive and reliable information on the recent hacking of Chrome extensions and the broader context of browser extension security vulnerabilities.