Please ensure Javascript is enabled for purposes of website accessibility
Hackers Exploit Chrome Extensions, Exposing Millions to 2FA Bypass Attacks
News
By News
Published 6 months ago on
December 31, 2024

Chrome extension vulnerabilities leave millions at risk of 2FA bypass attacks, with hackers targeting multiple companies. (Shutterstock)

Share

Getting your Trinity Audio player ready...

Google Chrome users face potential security risks as hackers target browser extensions to bypass two-factor authentication (2FA), as reported by Forbes.

The attacks, which began in mid-December, have compromised several companies’ Chrome extensions, potentially affecting millions of users.

Christmas Eve Attack

One notable incident involved Cyberhaven, a data attack detection company.

On Christmas Eve, a phishing attack compromised an employee’s credentials, allowing hackers to publish a malicious version of their Chrome extension. Cyberhaven CEO Howard Ting stated, “We want to share the full details of the incident and steps we’re taking to protect our customers and mitigate any damage.”

The attack bypassed 2FA by capturing session cookies, which authenticate user sessions. This method allows attackers to reuse the stolen cookies and access accounts without needing the 2FA code.

Google’s Recommendations to Mitigate Risks

To mitigate risks, Google recommends using passkeys and security keys. Vivek Ramachandran, founder of SquareX, suggests implementing server-side restrictions on risky OAuth scopes and using client-side Browser Detection-Response tools.

Google’s Chrome security team employs both automated and manual reviews to check extensions before publication on the Chrome Web Store. They also continuously monitor published extensions. Despite these efforts, some malicious extensions still slip through.

Users can protect themselves by:
1. Checking installed extensions at “chrome://extensions”
2. Running a Chrome Safety Check
3. Enabling enhanced protection mode in Safe Browsing

According to a Google spokesperson, “Google research has shown that security keys provide stronger protection against automated bots, bulk phishing attacks, and targeted attacks than SMS, app-based one-time passwords, and other forms of traditional two-factor authentication.”

Read more at Forbes

RELATED TOPICS:

DON'T MISS

What Are Fresno Real Estate Experts Predicting for 2025 and Beyond?

DON'T MISS

First California EV Mandates Hit Automakers This Year. Most Are Not Even Close

DON'T MISS

4 Million Acres of California Forests Could Lose Protection. What Trump’s ‘Roadless Rule’ Repeal Could Do

DON'T MISS

Israeli Settlers Raid West Bank Town, Troops Kill 3 Palestinians

DON'T MISS

West Nile Virus Detected in Mosquitoes in Fresno County

DON'T MISS

Trump Says Netanyahu’s Trial Should Be Canceled

DON'T MISS

St. Agnes’ New Chief Medical Officer Is a Kidney Care Expert

DON'T MISS

US Military to Create Two New Border Zones, Officials Say

DON'T MISS

Trump Signals US May Ease Iran Oil Sanction Enforcement to Help Rebuild Country

DON'T MISS

CIA Says Intelligence Indicates Iran’s Nuclear Program Severely Damaged

DON'T MISS

Upscale Woodward Park Area Apartments Sell for $19 Million

DON'T MISS

Wired Wednesday: Learn the Latest on the Caleb Quick Murder Hearings

UP NEXT

Israeli Settlers Raid West Bank Town, Troops Kill 3 Palestinians

UP NEXT

West Nile Virus Detected in Mosquitoes in Fresno County

UP NEXT

Trump Says Netanyahu’s Trial Should Be Canceled

UP NEXT

St. Agnes’ New Chief Medical Officer Is a Kidney Care Expert

UP NEXT

US Military to Create Two New Border Zones, Officials Say

UP NEXT

Trump Signals US May Ease Iran Oil Sanction Enforcement to Help Rebuild Country

UP NEXT

CIA Says Intelligence Indicates Iran’s Nuclear Program Severely Damaged

UP NEXT

Upscale Woodward Park Area Apartments Sell for $19 Million

UP NEXT

Wired Wednesday: Learn the Latest on the Caleb Quick Murder Hearings

UP NEXT

Trump Administration Orders CA to Strip Trans Athlete of Medals

Trump Says Netanyahu’s Trial Should Be Canceled

12 hours ago

St. Agnes’ New Chief Medical Officer Is a Kidney Care Expert

12 hours ago

US Military to Create Two New Border Zones, Officials Say

12 hours ago

Trump Signals US May Ease Iran Oil Sanction Enforcement to Help Rebuild Country

13 hours ago

CIA Says Intelligence Indicates Iran’s Nuclear Program Severely Damaged

13 hours ago

Upscale Woodward Park Area Apartments Sell for $19 Million

15 hours ago

Wired Wednesday: Learn the Latest on the Caleb Quick Murder Hearings

15 hours ago

Trump Administration Orders CA to Strip Trans Athlete of Medals

15 hours ago

Three Mile Island Nuclear Plant Reboot Fast-Tracked to 2027

15 hours ago

Democratic Lawmaker Pleads Not Guilty to Assaulting US Agents at Immigration Center

15 hours ago

4 Million Acres of California Forests Could Lose Protection. What Trump’s ‘Roadless Rule’ Repeal Could Do

This story was originally published by CalMatters. Sign up for their newsletters. The Trump administration’s plan to repeal a rule prohibiti...

11 hours ago

Tahoe National Forest
11 hours ago

4 Million Acres of California Forests Could Lose Protection. What Trump’s ‘Roadless Rule’ Repeal Could Do

Palestinians gather to receive aid supplies in Beit Lahia, in the northern Gaza Strip, June 17, 2025. REUTERS/Stringer/File Photo
11 hours ago

Israeli Settlers Raid West Bank Town, Troops Kill 3 Palestinians

West Nile virus mosquito
12 hours ago

West Nile Virus Detected in Mosquitoes in Fresno County

President Donald Trump meets with Israeli Prime Minister Benjamin Netanyahu in the Oval Office at the White House in Washington, U.S., April 7, 2025. (Reuters File)
12 hours ago

Trump Says Netanyahu’s Trial Should Be Canceled

12 hours ago

St. Agnes’ New Chief Medical Officer Is a Kidney Care Expert

A U.S. Border Patrol vehicle patrols along the border wall, following the establishment of a 260-mile military zone along the southern U.S. border in New Mexico and Texas as part of the Trump administration's crackdown on immigration, in Sunland Park, New Mexico, U.S., May 20, 2025. (Reuters File)
12 hours ago

US Military to Create Two New Border Zones, Officials Say

Oil tankers pass through the Strait of Hormuz, December 21, 2018. (Reuters File)
13 hours ago

Trump Signals US May Ease Iran Oil Sanction Enforcement to Help Rebuild Country

CIA Director John Ratcliffe speaks during an interview at the White House in Washington, D.C., U.S., April 30, 2025. (Reuters File)
13 hours ago

CIA Says Intelligence Indicates Iran’s Nuclear Program Severely Damaged

Help continue the work that gets you the news that matters most.

Search

Send this to a friend