Hackers Target Dozens of VPN, AI Extensions For Google Chrome To Compromise Data

An anonymous reader quotes a report from The Record: Cybersecurity researchers have uncovered dozens of attacks that involve malicious updates for Chrome browser extensions, one week after a security firm was compromised in a similar incident. As of Wednesday, a total of 36 Chrome extensions injected with data-stealing code have been detected, mostly related to artificial intelligence (AI) tools and virtual private networks (VPNs), according to a report by ExtensionTotal, a platform that analyzes extensions listed on various marketplaces and public registries. These extensions, collectively used by roughly 2.6 million people, include third-party tools such as ChatGPT for Google Meet, Bard AI Chat, YesCaptcha Assistant, VPNCity and Internxt VPN. Some of the affected companies have already addressed the issue by removing the compromised extensions from the store or updating them, according to ExtensionTotal's analysis.

It remains unclear whether all the compromised extensions are linked to the same threat actor. Security researchers warn that browser extensions 'shouldn't be treated lightly,' as they have deep access to browser data, including authenticated sessions and sensitive information. Extensions are also easy to update and often not subjected to the same scrutiny as traditional software. ExtensionTotal recommends that organizations use only pre-approved versions of extensions and ensure they remain unchanged and protected from malicious automatic updates. 'Even when we trust the developer of an extension, it's crucial to remember that every version could be entirely different from the previous one,' researchers said. 'If the extension developer is compromised, the users are effectively compromised as well -- almost instantly.'

Read more of this story at Slashdot.