SquareX, a pioneer in Browser Detection and Response (BDR) solutions, has issued a warning about OAuth-based phishing attacks targeting Chrome extension developers, exposing users to session hijacking and data theft. A recent attack compromised Cyberhaven’s browser extension on December 25, 2024, allowing attackers to hijack sessions and steal sensitive data from over 400,000 users before its removal. SquareX had identified a similar attack pathway just a week prior, highlighting the attackers' use of phishing emails to gain unauthorized access to developers’ Google accounts and extensions. These attacks exploit the lack of monitoring for browser extension updates in organizations, turning benign extensions into malicious tools post-installation or hijacking trusted ones with large user bases. SquareX urges developers and organizations to strengthen their defenses and carefully vet browser extension updates to mitigate the risks. Continue here.
