16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

Dec 29, 2025 | Ravie Lakshmanan | Endpoint Protection / Browser Security

A recent cyberattack has compromised several Chrome browser extensions, impacting over 600,000 users with data exposure and credential theft.

The attack utilized a phishing campaign to target extension publishers on the Chrome Web Store, allowing malicious code to be inserted into legitimate extensions for stealing cookies and user access tokens.

Cybersecurity firm Cyberhaven was one of the first companies affected by the breach, which was disclosed on December 27.

Cyberhaven’s blog post revealed that the threat actor modified its extension to communicate with a command-and-control (C&C) server and exfiltrate user data.

According to Or Eshed, CEO of LayerX Security, browser extensions pose a significant security risk due to the permissions they are granted.

Eshed highlights that many organizations are unaware of the extensions installed on their systems, leaving them vulnerable to such attacks.

Following the Cyberhaven breach, additional compromised extensions were identified, indicating a broad-scale attack on legitimate browser extensions.

Extensions like AI Assistant, Bard AI Chat, and GPT 4 Summary with OpenAI are among those suspected of compromise.

Further analysis revealed that the malicious code targeted Facebook account data, emphasizing the severity of the breach.


User data collected by the compromised Cyberhaven browser extension (source: Cyberhaven)

Cyberhaven has taken steps to remove the malicious extension, but the risk persists as long as compromised versions remain on endpoints.

Security experts are vigilant in identifying exposed extensions, underscoring the urgent need for organizations to secure their browser extensions.
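The two operational points above (organizations not knowing which extensions are installed, and compromised versions lingering on endpoints) come down to an inventory check. The following is an added example, not code from Cyberhaven or LayerX: it walks Chrome's on-disk `Extensions/<id>/<version>/manifest.json` layout for one profile, records which extensions request the `cookies` permission and all-sites host access, and matches against a blocklist. The function names, the sample profile, and the blocklisted ID and version are constructed placeholders, since the article lists no extension IDs or versions.

```python
import json
import tempfile
from pathlib import Path

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def inventory(profile_dir, blocklist=frozenset()):
    """List each extension version in a profile; blocklist = {(id, version)} from an advisory."""
    records = []
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        ext_id = path.parts[-3]  # Extensions/<id>/<version dir>/manifest.json
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            records.append({"id": ext_id, "error": "unreadable manifest"})
            continue
        perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
        # Host patterns: host_permissions (MV3), permissions (MV2), content scripts.
        hosts = set(perms) | set(manifest.get("host_permissions", []))
        for script in manifest.get("content_scripts", []):
            hosts |= set(script.get("matches", []))
        version = manifest.get("version", "")
        records.append({
            "id": ext_id,
            "name": manifest.get("name", ""),  # may be a __MSG_*__ locale key
            "version": version,
            "reads_cookies": "cookies" in perms,
            "all_sites": bool(hosts & BROAD_HOSTS),
            "blocklisted": (ext_id, version) in blocklist,
        })
    return records

def build_sample_profile(root):
    """Constructed sample data: two fake extensions with placeholder IDs."""
    samples = {
        ("a" * 32, "1.0.0_0"): {"name": "Sample Helper", "version": "1.0.0",
            "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]},
        ("b" * 32, "2.1.0_0"): {"name": "Sample Notes", "version": "2.1.0",
            "permissions": ["storage"]},
    }
    for (ext_id, version_dir), manifest in samples.items():
        target = Path(root) / "Extensions" / ext_id / version_dir
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for record in inventory(build_sample_profile(tmp), {("a" * 32, "1.0.0")}):
            print(record)
```

On a real endpoint, pass a profile directory such as `Default` under Chrome's User Data directory, and fill the blocklist from the affected vendor's advisory.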
