
Google Chrome 2FA Bypass Attack Confirmed—What You Need To Know
The holiday season has brought a nasty surprise for some Google Chrome users in the form of a confirmed two-factor authentication (2FA) bypass attack. In a statement, Cyberhaven, the security company at the center of the attack, has revealed that hackers have successfully exploited its Chrome extension, compromising authentication cookies and potentially exfiltrating sessions on targeted websites.
The attack, which began on Christmas Eve, saw cybercriminals gain access to an employee’s credentials, allowing them to publish a malicious version of Cyberhaven’s Chrome extension. This malicious extension, identified as version 24.10.4, was active between December 25 and 26, and Cyberhaven removed it quickly after the company was notified.
According to Cyberhaven CEO Howard Ting, the impact and scope of the attack are limited in nature. Only one specific version of the Chrome extension was affected (24.10.4), with the malicious code only active during a short period of time. Additionally, it appears that no other systems or processes were compromised, including CI/CD processes and code signing keys.
However, the potential consequences of this attack are far from trivial. The attacker could have exfiltrated cookies and authenticated sessions for targeted websites, with an initial investigation suggesting social media advertising and AI platforms as the primary targets.
It is crucial to note that not all Cyberhaven customers were impacted by this attack. Those who auto-updated their browsers during the period of the attack (December 25-26) are most at risk. Affected customers have been notified by Cyberhaven, and a secure version of the Chrome extension (24.10.5 or newer) has been automatically deployed.
In light of this incident, it is imperative for all users to verify their Chrome extensions immediately and ensure they are running the latest version. Cyberhaven has advised that any customer still using the impacted version should update at their earliest convenience.
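One way to run that version check across every Chrome profile on a machine, as an added example that is not code from Cyberhaven or the original article. The extension ID is a placeholder because the article does not give it, and the sample profiles (including version 24.9.1) are constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

AFFECTED = (24, 10, 4, 0)  # malicious version named in the article
FIXED = (24, 10, 5, 0)     # first clean version named in the article
EXT_ID = "EXTENSION_ID_PLACEHOLDER"  # assumption: the article gives no extension ID

def parse_version(text):
    """Chrome extension versions are 1-4 dot-separated integers; pad to 4."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(version):
    v = parse_version(version)
    if v == AFFECTED:
        return "AFFECTED"
    return "OK" if v >= FIXED else "OLDER_THAN_FIX"

def audit(user_data_dir, ext_id=EXT_ID):
    """Return sorted (profile, version, status) for every installed copy of ext_id."""
    findings = []
    # Chrome stores each extension as <profile>/Extensions/<id>/<version>_N/
    pattern = f"*/Extensions/{ext_id}/*/manifest.json"
    for manifest in Path(user_data_dir).glob(pattern):
        try:
            version = json.loads(manifest.read_text(encoding="utf-8"))["version"]
            status = classify(version)
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            version, status = "?", "UNREADABLE"  # review by hand, do not assume clean
        findings.append((manifest.parents[3].name, version, status))
    return sorted(findings)

def build_sample(root):
    """Constructed sample data: three fake profiles laid out the way Chrome does."""
    for profile, version in [("Default", "24.10.4"), ("Profile 1", "24.10.5"),
                             ("Profile 2", "24.9.1")]:
        d = Path(root) / profile / "Extensions" / EXT_ID / f"{version}_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"version": version}))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for profile, version, status in audit(build_sample(tmp)):
            print(f"{profile:10} {version:10} {status}")
```

On a real machine, pass Chrome's user data directory to `audit()` instead of the sample tree: `%LOCALAPPDATA%\Google\Chrome\User Data` on Windows, `~/Library/Application Support/Google/Chrome` on macOS, or `~/.config/google-chrome` on Linux.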
For now, the extent of the attack appears to be limited in scope, but as with all cyber attacks, vigilance is key. It is essential to stay informed about these incidents and keep your software updated to avoid falling prey to such tactics.
Source: www.forbes.com