Google Chrome Hacking Incident and Security Risks

Author

Reads 856

Classic styled radio receiver with chrome buttons and speaker and wooden case placed on table in daylight
Credit: pexels.com, Classic styled radio receiver with chrome buttons and speaker and wooden case placed on table in daylight

Google Chrome hacking incidents have made headlines in recent years, highlighting the browser's vulnerabilities to cyber threats. In 2019, a critical vulnerability in Chrome was discovered, allowing hackers to execute arbitrary code on a user's system.

This vulnerability was particularly concerning because it was found in the browser's V8 JavaScript engine, which is used by millions of users worldwide. The bug was patched by Google shortly after its discovery, but not before it had been exploited by hackers.

The Chrome hacking incident serves as a reminder of the importance of keeping software up to date, as vulnerabilities like this one can be easily exploited by hackers. Regular updates can help protect users from these types of attacks.

Curious to learn more? Check out: Hacking Azure

Google Chrome Hacking Incident

Hackers took over several Google Chrome extensions in a cyberattack, inserting malicious code to steal user data such as web browser cookies and authentication.

The attack was first noticed by Cyberhaven, a cybersecurity company that was one of the companies affected by the hack. Cyberhaven's Chrome extension was pushed with the malicious code to users on Christmas Eve, and the company became aware of the hack on Christmas Day.

For another approach, see: Google Photos Unlimited Storage Hack

Blue Neon Sign Surrounded by Chrome Hubcaps
Credit: pexels.com, Blue Neon Sign Surrounded by Chrome Hubcaps

The hackers targeted Chrome extensions with tens of thousands of users, including Internxt VPN, ParrotTalks, Uvoice, and VPNCity. The attack was likely a mass phishing campaign, with the hackers sending out emails to Chrome extension developers and waiting for someone to click on the link.

Cyberhaven believes the attackers were not targeting specific companies, but rather any recipient that clicked through the phishing email. The company removed the malicious package from the Chrome Web Store within 60 minutes of detection.

Here are some of the Chrome extensions that were affected by the hack:

  • Internxt VPN
  • ParrotTalks
  • Uvoice
  • VPNCity

The attack highlights the importance of being cautious when clicking on links and providing login credentials, especially during the holiday season when security teams may be operating with reduced staff.

Browser Vulnerabilities

Browser vulnerabilities can be exploited by hackers to gain access to sensitive information.

Using malicious Chrome extensions, attackers can syncjack a victim's browser, allowing them to commit fraud and other illicit activities.

Credit: youtube.com, 🚨UPDATE NOW🚨- New Exploit Found in Chrome (Also Edge/Brave/Opera)

The malicious Chrome extension can also be used to send the victim to a modified Zoom webpage, tricking them into installing a fake update.

This fake update installs a Chrome browser enrollment token from the hacker's Google Workspace, granting them access to the user's Google Drive, clipboard, emails, and more.

The hacker's access to the user's Google Drive and other services can be catastrophic, making it essential to be cautious when installing extensions and updates.

By exploiting browser vulnerabilities, hackers can gain a foothold in a user's online identity, allowing them to wreak havoc on their digital life.

Malware and Compromise

Hackers took over a number of Google Chrome extensions in a cyberattack, inserting malicious code to steal user data such as web browser cookies and authentication.

The attack was first noticed by cyber security company Cyberhaven, which was one of the companies affected by the hack. The hackers pushed an updated version of its Chrome extension with the malicious code to users on Christmas Eve.

Credit: youtube.com, New RedLine malware can hack accounts and passwords saved in Chrome or Edge

Cyberhaven believes the attackers were sending out a mass phishing campaign and going after anyone who clicked through. A Cyberhaven employee was targeted via a phishing email that was sent to Chrome extension developers.

The employee, believing the email was an official Google contact, clicked the email and input their login credentials on the phishing page. This allowed the hackers to gain access to the company's administrative account.

The hackers could potentially exfiltrate victims' sensitive information, including authenticated sessions and cookies. Browsers running the compromised extension were vulnerable to abuse for over 30 hours.

Cyberhaven recommends that its customers update the extension, rotate passwords and tokens, clear sessions, and review logs for any suspicious activity. This is to prevent further malicious activity and preserve artifacts of the malicious code for analysis.

Here are some key takeaways from the Cyberhaven hack:

  • Phishing emails can compromise even the most secure accounts.
  • Chrome extensions can be vulnerable to hacking if not properly secured.
  • Auto-update features in extensions can make them easy targets for attackers.
  • Regularly updating extensions and reviewing logs can help prevent malicious activity.

In this case, the hackers were able to distribute a malicious update for its Chrome browser extension. The company removed the malicious package from the Chrome Web Store within 60 minutes of detection.

Google's Response

Credit: youtube.com, Google's Apology Chrome Bug Chaos for 15M Users!

Google has acknowledged the existence of Chrome hacking, stating that it's a serious issue that requires immediate attention.

The company has taken steps to address the problem, including updating Chrome's security features to prevent exploitation of vulnerabilities.

Google's response to Chrome hacking has been swift, with the company releasing patches and updates to fix known security flaws.

These updates have been successful in reducing the number of hacking attempts, but more work remains to be done.

Google continues to monitor the situation and is working closely with the security community to stay ahead of hackers.

Security Risks

Chrome extensions are often granted extensive permissions to access sensitive data, such as browsing activity, login credentials, and personal information stored in browsers. This makes them a prime target for hackers.

A compromised extension can leverage these permissions to cause significant harm, such as stealing financial details, spreading malware, or compromising corporate networks. This is exactly what happened in a recent string of targeted attacks on Chrome extension providers.

Credit: youtube.com, IMPORTANT Google Chrome security fix 1 ZERO exploit high risk already used by hackers

According to CyberNews, 25 extensions impacting 2 million people were potentially impacted by these attacks. This highlights the importance of staying vigilant and keeping your extensions up to date.

Here are some specific examples of compromised extensions that you should be aware of:

  • AI Assistant – ChatGPT and Gemini for Chrome
  • Bard AI Chat Extension
  • GPT 4 Summary with OpenAI
  • Search Copilot AI Assistant for Chrome
  • TinaMind AI Assistant
  • Wayin AI
  • VPNCity
  • Internxt VPN
  • Vindoz Flex Video Recorder
  • VidHelper Video Downloader
  • Bookmark Favicon Changer
  • Castorus
  • Uvoice
  • Reader Mode
  • Parrot Talks
  • Primus

If you operate one of these extensions, it's essential to upgrade to a known good version or disable and uninstall it until a known good version has been released.

Ismael Anderson

Lead Writer

Ismael Anderson is a seasoned writer with a passion for crafting informative and engaging content. With a focus on technical topics, he has established himself as a reliable source for readers seeking in-depth knowledge on complex subjects. His writing portfolio showcases a range of expertise, including articles on cloud computing and storage solutions, such as AWS S3.

Love What You Read? Stay Updated!

Join our community for insights, tips, and more.