Chrome extension vulnerabilities leave millions at risk of 2FA bypass attacks, with hackers targeting multiple companies. (Shutterstock)
Google Chrome users face potential security risks as hackers target browser extensions to bypass two-factor authentication (2FA), as reported by Forbes.
The attacks, which began in mid-December, have compromised several companies’ Chrome extensions, potentially affecting millions of users.
Christmas Eve Attack
One notable incident involved Cyberhaven, a data attack detection company.
On Christmas Eve, a phishing attack compromised an employee’s credentials, allowing hackers to publish a malicious version of their Chrome extension. Cyberhaven CEO Howard Ting stated, “We want to share the full details of the incident and steps we’re taking to protect our customers and mitigate any damage.”
The attack bypassed 2FA by capturing session cookies, which authenticate user sessions. This method allows attackers to reuse the stolen cookies and access accounts without needing the 2FA code.
Google’s Recommendations to Mitigate Risks
To mitigate risks, Google recommends using passkeys and security keys. Vivek Ramachandran, founder of SquareX, suggests implementing server-side restrictions on risky OAuth scopes and using client-side Browser Detection-Response tools.
Google’s Chrome security team employs both automated and manual reviews to check extensions before publication on the Chrome Web Store. They also continuously monitor published extensions. Despite these efforts, some malicious extensions still slip through.
Users can protect themselves by:
1. Checking installed extensions at “chrome://extensions”
2. Running a Chrome Safety Check
3. Enabling enhanced protection mode in Safe Browsing
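To go one step further than eyeballing chrome://extensions, the sketch below (an added example, not from the article, Forbes, or Google) reads the manifest.json of each installed extension and flags the permission combination that makes session-cookie capture possible: the cookies API together with access to every site. It assumes the usual profile layout of Extensions/<extension id>/<version>/manifest.json; the function names, the finding labels and the choice of what counts as "broad" are this example's own.

```python
import json
from pathlib import Path

# Host patterns that cover every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> list[str]:
    """Return findings for one parsed manifest.json (Manifest V2 or V3)."""
    # Permission entries can be objects in older manifests; keep the strings only.
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # MV3 lists host patterns under host_permissions; MV2 mixes them into permissions.
    hosts = set(perms) | set(manifest.get("host_permissions", []))
    broad = sorted(hosts & BROAD_HOSTS)
    findings = []
    if "cookies" in perms and broad:
        findings.append(f"cookies API with broad host access {broad}")
    elif "cookies" in perms:
        findings.append("cookies API (limited to listed hosts)")
    for script in manifest.get("content_scripts", []):
        if BROAD_HOSTS & set(script.get("matches", [])):
            findings.append("content script injected into all sites")
            break
    return findings


def audit_profile(ext_root: Path) -> dict[str, list[str]]:
    """Walk <ext_root>/<extension id>/<version>/manifest.json and collect findings."""
    report = {}
    for path in sorted(ext_root.glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report[ext_id] = ["manifest unreadable"]
            continue
        findings = audit_manifest(manifest)
        if findings:
            report[ext_id] = findings
    return report


# Constructed sample manifests (not taken from any real extension).
SAMPLE_BROAD = {"manifest_version": 3, "name": "sample-a",
                "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]}
SAMPLE_NARROW = {"manifest_version": 3, "name": "sample-b",
                 "permissions": ["storage"], "host_permissions": ["https://example.com/*"]}

if __name__ == "__main__":
    for m in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(m["name"], audit_manifest(m) or "no findings")
```

A finding is a prompt to review the extension, not proof of compromise: many legitimate extensions request these permissions, and an update to a trusted extension can abuse permissions it already holds.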
According to a Google spokesperson, “Google research has shown that security keys provide stronger protection against automated bots, bulk phishing attacks, and targeted attacks than SMS, app-based one-time passwords, and other forms of traditional two-factor authentication.”
Read more at Forbes