This well-known Google Chrome extension has a malicious update released by cybercriminals, so you should use it with caution.
Cybercriminals infected multiple updates to what seem to be well-known Chrome extensions during the Christmas holiday. An investigation is underway.
In the last few hours, the startup Cyberhaven reported that hackers have deployed a malicious update to the company's plugin that is capable of stealing customers' passwords and login tokens.
The company sent an email to customers warning them about the vulnerability, and hackers hijacked the company's account to deploy the malicious update to its add-on.
The company sent an email to customers warning them about the vulnerability, and hackers hijacked the company's account to spread the malicious update.
In this email to customers, they explained that a compromised Chrome extension makes it possible to leak sensitive information, including authenticated sessions and cookies, to the attacker's domain.
They discovered the vulnerability in the afternoon of December 25th and replaced the malicious add-on with a legitimate update.
The Chrome Web Store shows that the hacked extension has around 400,000 users, so that's a pretty significant number.
On the other hand, Cyberhaven itself explained in the statement that "public reports indicate that this attack was part of a broader campaign targeting Chrome extension developers for a wide range of companies."
In this way, you have to be very careful about the add-ons you install in cron, because some of them may be affected.