Cyberhaven has confirmed that its Google Chrome extension became the target of a cyberattack on Christmas Eve. The breach compromised sensitive data, including passwords and session tokens, raising alarm among users.

According to the company, the attack began when an employee fell victim to a phishing email, inadvertently providing access to the attacker. Using these credentials, the perpetrator uploaded a malicious version of the extension (version 24.10.4) to the Chrome Web Store. This version remained active on auto-updated browsers from 1:32 AM UTC on December 25 to 2:50 AM UTC on December 26.

The incident was detected at 11:54 PM UTC on December 25 by Cyberhaven’s security team, who acted swiftly to remove the malicious version within an hour. CEO Howard Ting expressed pride in the team's response, saying, “I’m proud of how quickly our team reacted, with virtually everyone in the company interrupting their holiday plans to serve our customers and acting with the transparency that is core to our company values.”

Fortunately, Cyberhaven reported that no other critical systems, such as code-signing keys or CI/CD processes, were affected. However, the attack may have exposed cookies and authenticated sessions for certain websites.

Users are being urged to take immediate precautions, including updating their extensions to version 24.10.5 or later, reviewing activity logs for unusual behavior, and changing all passwords not secured by FIDOv2.

To prevent future attacks, Cyberhaven has already introduced additional security measures and is working closely with law enforcement on the investigation. This event highlights the persistent risks of phishing attacks and the importance of staying vigilant against cybersecurity threats.