
Google Chrome 2FA Bypass Attacks Confirmed—Millions of Users at Risk
In a shocking revelation, Cyberhaven has confirmed that its Chrome extension was used to bypass two-factor authentication (2FA) on Google accounts, putting millions of users at risk. The incident highlights the vulnerability of 2FA systems and the need for additional security measures.
According to reports, an employee at Cyberhaven had enabled Google Advanced Protection and multi-factor authentication (MFA), but this did not prevent a malicious extension from being uploaded to the Chrome Store. The extension, which was based on a clean prior version of the official Cyberhaven Chrome extension, bypassed the 2FA system.
While MFA is an essential layer of credential verification, it is not foolproof. Attackers can clone the 2FA code entry process by redirecting victims to genuine-looking login pages and capturing the session cookies that are created when a correct code is entered. These stolen cookies can then be used to replay the user’s session.
The impact of this attack was limited to one version of the Cyberhaven Chrome extension, which had been updated between Christmas Day and Boxing Day. However, the scope of the incident is still significant, with millions of users at risk if they were using the compromised extension during that time period.
Cyberhaven has confirmed that no other systems, including its CI/CD processes and code signing keys, were compromised in this attack. The company notified affected customers and removed the malicious extension from the Chrome Store, automatically deploying a secure version.
The incident serves as a stark reminder of the importance of keeping software up to date and monitoring browser extensions closely. Google researchers have previously demonstrated that security keys can provide stronger protection against automated bots, bulk phishing attacks, and targeted attacks than SMS, app-based one-time passwords, and other forms of traditional two-factor authentication.
In response to this incident, Cyberhaven recommends that affected customers verify the Chrome extension has updated to version 24.10.5 or newer.
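One way to run that version check across every Chrome profile on a machine, as an added example that is not code from Cyberhaven, Google or the original article. The extension ID is a placeholder because the page does not give it, the "24.9.1" sample version is constructed, and the function and variable names are hypothetical.

```python
import json
import tempfile
from pathlib import Path

FIXED_VERSION = (24, 10, 5)  # minimum version named in the article
EXTENSION_ID = "EXTENSION_ID_PLACEHOLDER"  # assumption: the page does not give the ID

def parse_version(text):
    """Parse a Chrome extension version (1-4 dot-separated integers) into a 4-tuple."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return parts + (0,) * (4 - len(parts))

def audit_extension(user_data_dir, extension_id=EXTENSION_ID, minimum=FIXED_VERSION):
    """Return (profile, version, status) for each installed copy of the extension."""
    floor = tuple(minimum) + (0,) * (4 - len(minimum))
    findings = []
    # On-disk layout: <user data dir>/<profile>/Extensions/<id>/<version>_<n>/manifest.json
    pattern = f"*/Extensions/{extension_id}/*/manifest.json"
    for manifest in sorted(Path(user_data_dir).glob(pattern)):
        profile = manifest.parents[3].name
        try:
            version = json.loads(manifest.read_text(encoding="utf-8"))["version"]
            # Compare numerically: as strings, "24.9.1" would sort above "24.10.5".
            status = "ok" if parse_version(version) >= floor else "outdated"
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            version, status = None, "unreadable"  # treat as needing manual review
        findings.append((profile, version, status))
    return findings

def build_sample_tree(root):
    """Constructed sample data: one current copy and one stale copy."""
    for profile, version in (("Default", "24.10.5"), ("Profile 1", "24.9.1")):
        folder = Path(root) / profile / "Extensions" / EXTENSION_ID / f"{version}_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps({"version": version}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for row in audit_extension(tmp):
            print(row)
```

To use it on a real machine, pass the Chrome user data directory and the extension's actual ID to `audit_extension`; any row that is not "ok" needs follow-up.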
This attack highlights the need for more robust security measures beyond MFA alone. It is essential to stay vigilant and take proactive steps to protect ourselves from these types of attacks.
Sources:
* Forbes: “Chrome Extension Attack—A 2FA Bypass Explained”
* Cyberhaven
* Google
Source: www.forbes.com