Hackers Exploit Chrome Extensions, Exposing Millions to 2FA Bypass Attacks
By News
Published December 31, 2024

Chrome extension vulnerabilities leave millions at risk of 2FA bypass attacks, with hackers targeting multiple companies. (Shutterstock)


Google Chrome users face potential security risks as hackers target browser extensions to bypass two-factor authentication (2FA), as reported by Forbes.

The attacks, which began in mid-December, have compromised several companies’ Chrome extensions, potentially affecting millions of users.

Christmas Eve Attack

One notable incident involved Cyberhaven, a data attack detection company.

On Christmas Eve, a phishing attack compromised an employee’s credentials, allowing hackers to publish a malicious version of their Chrome extension. Cyberhaven CEO Howard Ting stated, “We want to share the full details of the incident and steps we’re taking to protect our customers and mitigate any damage.”

The attack bypassed 2FA by capturing session cookies, which authenticate user sessions. This method allows attackers to reuse the stolen cookies and access accounts without needing the 2FA code.

Google’s Recommendations to Mitigate Risks

To mitigate risks, Google recommends using passkeys and security keys. Vivek Ramachandran, founder of SquareX, suggests implementing server-side restrictions on risky OAuth scopes and using client-side Browser Detection-Response tools.

Google’s Chrome security team employs both automated and manual reviews to check extensions before publication on the Chrome Web Store. They also continuously monitor published extensions. Despite these efforts, some malicious extensions still slip through.

Users can protect themselves by:
1. Checking installed extensions at “chrome://extensions”
2. Running a Chrome Safety Check
3. Enabling enhanced protection mode in Safe Browsing
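
The review in step 1 can be applied to a whole profile at once. The Python below is an added example, not code from the article, Forbes, or Google: it reads each installed extension's `manifest.json` and flags the permissions that give an extension access to session cookies. The sample manifests are constructed, and the directory passed to `audit_profile` is assumed to be a Chrome profile's `Extensions` folder.

```python
import json
from pathlib import Path

# Match patterns that grant access to every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def host_patterns(manifest):
    """Host patterns from MV2 'permissions' and MV3 'host_permissions'."""
    perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    return [p for p in perms if isinstance(p, str) and (p in BROAD or "://" in p)]

def audit_manifest(manifest):
    """Return findings for permissions that expose session cookies."""
    findings = []
    hosts = host_patterns(manifest)
    if "cookies" in manifest.get("permissions", []):
        # chrome.cookies only works on hosts the extension is granted,
        # but on those hosts it also returns HttpOnly cookies.
        if set(hosts) & BROAD:
            findings.append("cookies API on every site")
        elif hosts:
            findings.append("cookies API limited to: " + ", ".join(sorted(hosts)))
    for script in manifest.get("content_scripts", []):
        # A page-injected script can read document.cookie (non-HttpOnly only).
        if set(script.get("matches", [])) & BROAD:
            findings.append("content script on every site")
            break
    return findings

def audit_profile(extensions_dir):
    """Audit <extensions_dir>/<extension id>/<version>/manifest.json files."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        findings = audit_manifest(manifest)
        if findings:
            report[f"{path.parts[-3]}/{path.parts[-2]}"] = findings
    return report

# Constructed sample manifests (not taken from any real extension).
SAMPLE_BROAD = {"manifest_version": 3, "permissions": ["cookies", "storage"],
                "host_permissions": ["<all_urls>"],
                "content_scripts": [{"matches": ["*://*/*"], "js": ["c.js"]}]}
SAMPLE_SCOPED = {"manifest_version": 3, "permissions": ["cookies"],
                 "host_permissions": ["https://intranet.example/*"]}
SAMPLE_BENIGN = {"manifest_version": 3, "permissions": ["storage"]}

if __name__ == "__main__":
    for name in ("SAMPLE_BROAD", "SAMPLE_SCOPED", "SAMPLE_BENIGN"):
        print(name, audit_manifest(globals()[name]))
```

A finding marks an extension whose compromise would expose session cookies, not one that is malicious.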

According to a Google spokesperson, “Google research has shown that security keys provide stronger protection against automated bots, bulk phishing attacks, and targeted attacks than SMS, app-based one-time passwords, and other forms of traditional two-factor authentication.”

Read more at Forbes
