06 January 2025

Chrome Browser Faces Serious Security Threats

Malicious extensions and double-clickjacking exploits endanger millions of users' safety online.

Hackers have recently exploited vulnerabilities affecting millions of Google Chrome users, highlighting serious security issues related to both malicious extensions and novel hacking techniques.

Recent investigations revealed that at least 33 Chrome extensions had contained malicious code for up to 18 months. These security flaws were exposed following a discovery by Cyberhaven, a data loss prevention service provider, which noted that the extensions contained unauthorized modifications. Users starting up their browsers after the holidays are urged to confirm whether they are using any of the reported compromised extensions.

According to the report, the malicious versions of these extensions were automatically installed on user systems between December 25 and December 26, 2024. It appears attackers sent developers phishing emails disguised as notices of Google terms of service violations. This deception led developers to grant attackers access to their Google accounts, allowing the attackers to upload compromised extensions to the Chrome Web Store.

Security firms like Secure Annex have reported similar incidents affecting numerous extensions using the same method. The compromised extensions included well-known VPN services such as VPNCity and Internxt VPN, as well as AI-related tools like GPT-4 Summary with OpenAI. The response to these breaches varies; some affected extensions have provided patches, whereas others remain without fixes, leaving them open to data theft.

"Users should delete any extensions they suspect to be compromised," advised security experts, emphasizing the risk of these extensions harvesting cookies and social media login information.
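To check a Chrome profile for the extensions named above, the following added example (not code from the article or from the firms it cites) scans the profile's on-disk `Extensions` folder and flags installed extensions by display name. The article gives no extension IDs, so name matching and the `REPORTED_NAMES` list are assumptions; extend the list from the official announcements.

```python
import json
import sys
from pathlib import Path

# Names as printed in the article. It lists no extension IDs, so matching on
# display name is an assumption: treat every hit as a lead to verify.
REPORTED_NAMES = ["VPNCity", "Internxt VPN", "GPT-4 Summary with OpenAI"]


def load_json(path):
    """Parse a JSON file (tolerating a BOM); return {} if unreadable."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}


def resolve_name(version_dir, manifest):
    """Return the display name, resolving a __MSG_key__ placeholder."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are case-insensitive
    locale = str(manifest.get("default_locale", "en"))
    messages = load_json(version_dir / "_locales" / locale / "messages.json")
    for msg_key, entry in messages.items():
        if msg_key.lower() == key and isinstance(entry, dict):
            return entry.get("message", name)
    return name


def audit_extensions(extensions_dir, reported=REPORTED_NAMES):
    """Return (extension_id, version, name) for each installed name match."""
    wanted = [r.lower() for r in reported]
    hits = []
    # Layout on disk: <profile>/Extensions/<id>/<version>/manifest.json
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = load_json(manifest_path)
        name = resolve_name(manifest_path.parent, manifest)
        if any(w in name.lower() for w in wanted):
            ext_id = manifest_path.parent.parent.name
            hits.append((ext_id, manifest.get("version", "?"), name))
    return hits


if __name__ == "__main__":
    # Usage: python audit.py "<Chrome profile>/Extensions"
    for hit in audit_extensions(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*hit, sep="\t")
```

On Linux the default profile's folder is `~/.config/google-chrome/Default/Extensions`; on Windows it is `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`.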

These malicious activities were strategically timed for the holiday season, when user vigilance is low, especially concerning English-language extensions primarily used outside Japan. Users who suspect they have used affected extensions are encouraged to keep up to date with official announcements for more information.

Meanwhile, another security threat known as double-clickjacking has emerged, raising alarms across various platforms. Security researcher Paulos Yibelo revealed this new technique can compromise credentials regardless of the browser being used.

Double-clickjacking exploits browser vulnerabilities by taking advantage of the timing of the user's double-click actions. Hackers can manipulate the user interface, leading victims to unknowingly authorize malicious actions—essentially, the old clickjacking tactics have evolved to bypass updated browser protections.

Clickjacking typically involves tricking users into clicking on concealed or disguised webpage elements. This outdated method, once mitigated by browser developers, is now being redefined with double-clicking as its primary vector.

“While it might sound like small change, double-clickjacking opens doors to new UI manipulation attacks,” Yibelo warned. This technique can impact all websites, cryptocurrency wallets, and even smartphones, effectively creating new vulnerabilities hackers can exploit.

Double-clickjacking can be exploited through two primary methods. The first uses OAuth, which allows applications to access user resources on other platforms. Through this method, attackers can trick users into authorizing malicious applications, leading to account takeovers across many major sites.

The second method involves account-change manipulations. Users think they are double-clicking on benign options but are instead modifying sensitive account settings, risking significant data and financial losses.

Cybersecurity professionals have expressed concern over the rise of these new attack techniques, as they pose additional challenges for traditional defenses. Spencer Starkey, from the content control vendor SonicWall, stated, "The marginal decreases we’re seeing with ransomware and malware should not deceive anyone. Hackers have simply switched tactics, and it’s clear this double-clickjacking is one of their new strategies. People need to stay vigilant."

Yibelo's advocacy for caution is clear: users are advised against unnecessary double-clicking until appropriate protections are developed to combat these new threats. The security community must remain proactive and move quickly to safeguard users from these rapidly developing attack patterns.