🟡 CVE-2025-3800: A vulnerability has been found... 🟡 CVE-2025-3799: A vulnerability, which was cla... 🟡 CVE-2025-3798: A vulnerability, which was cla... 🟡 CVE-2025-3661: The SB Chart block plugin for ... ⚠️ CVE-2025-3404: The Download Manager plugin fo... 🔥 CVE-2021-4455: The Wordpress Plugin Smart Pro... 🟡 CVE-2025-3797: A vulnerability classified as ... ⚠️ CVE-2025-3809: The Debug Log Manager plugin f... ⚠️ CVE-2025-2111: The Insert Headers And Footers... ⚠️ CVE-2025-3103: The CLEVER - HTML5 Radio Playe... 🟡 CVE-2025-3275: The Themesflat Addons For Elem... 🟡 CVE-2025-1457: The Element Pack Addons for El... 🔥 CVE-2025-1093: The AIHub theme for WordPress ... 🟡 CVE-2025-3284: The User Registration & Member... 🔥 CVE-2025-3278: The UrbanGo Membership plugin ... ⚠️ CVE-2025-2010: The JobWP – Job Board, Job Lis... 🟡 CVE-2025-43903: NSSCryptoSignBackend.cc in Pop... 🟡 CVE-2025-3796: A vulnerability classified as ... ⚠️ CVE-2025-32953: z80pack is a mature emulator o... 🟡 CVE-2025-3795: A vulnerability was found in D... 🟡 CVE-2025-36625: In Nessus versions prior to 10... 🟡 CVE-2025-32377: Rasa Pro is a framework for bu... 🟢 CVE-2025-25985: An issue in Macro-video Techno... 🟡 CVE-2025-25984: An issue in Macro-video Techno... 🟢 CVE-2025-25983: An issue in Macro-video Techno... 🟡 CVE-2025-28355: Volmarg Personal Management Sy... ⚠️ CVE-2025-24914: When installing Nessus to a no... 🟡 CVE-2025-29513: Cross-Site Scripting (XSS) vul... 🟡 CVE-2025-29512: Cross-Site Scripting (XSS) vul... 🟡 CVE-2025-1697: A potential security vulnerabi... 🟡 CVE-2024-41447: A stored cross-site scripting ... 🟡 CVE-2025-32796: Dify is an open-source LLM app... 🟡 CVE-2025-32795: Dify is an open-source LLM app... ⚠️ CVE-2025-32792: SES safely executes third-part... ⚠️ CVE-2025-32442: Fastify is a fast and low over... 🔥 CVE-2025-32434: PyTorch is a Python package th... ⚠️ CVE-2025-32389: NamelessMC is a free, easy to ... 🟡 CVE-2025-31120: NamelessMC is a free, easy to ... ⚠️ CVE-2025-31118: NamelessMC is a free, easy to ... ⚠️ CVE-2025-30357: NamelessMC is a free, easy to ... ⚠️ CVE-2025-30158: NamelessMC is a free, easy to ... ⚠️ CVE-2025-29784: NamelessMC is a free, easy to ... 🟡 CVE-2025-27599: Element X Android is a Matrix ... 🟡 CVE-2025-3792: A vulnerability, which was cla... 🟡 CVE-2025-3791: A vulnerability classified as ... 🟡 CVE-2025-2950: IBM i 7.3, 7.4, 7.5, and 7.5 i... ⚠️ CVE-2025-29625: A buffer overflow vulnerabilit... 🟡 CVE-2025-3790: A vulnerability classified as ... 🟡 CVE-2025-3789: A vulnerability was found in b... 🟡 CVE-2025-32790: Dify is an open-source LLM app... 🟡 CVE-2024-46089: 74cms <=3.33 is vulnerable to ... 🟡 CVE-2024-49808: IBM Sterling Connect:Direct We... 🟡 CVE-2024-45651: IBM Sterling Connect:Direct We... 🟡 CVE-2025-3788: A vulnerability was found in b... 🟡 CVE-2025-3787: A vulnerability was found in P... 🟡 CVE-2025-3106: The LA-Studio Element Kit for ... ⚠️ CVE-2025-3786: A vulnerability was found in T... ⚠️ CVE-2025-3785: A vulnerability has been found... 🟡 CVE-2025-3056: The Download Manager plugin fo... 🔥 CVE-2025-2492: An improper authentication con... 🟡 CVE-2025-3783: A vulnerability classified as ... 🟡 CVE-2025-3598: The Coupon Affiliates – Affili... 🟡 CVE-2025-2162: The MapPress Maps for WordPres... 🔥 CVE-2025-1863: Insecure default settings have... 🔥 CVE-2025-39471: Improper Neutralization of Spe... ⚠️ CVE-2025-39470: Path Traversal: '.../...//' vu... ⚠️ CVE-2025-39469: Improper Neutralization of Inp... 🔥 CVE-2025-42599: Active! mail 6 BuildInfo: 6.60... ⚠️ CVE-2025-3520: The Avatar plugin for WordPres... 🟡 CVE-2025-2613: The Login Manager – Design Log... 🟡 CVE-2024-13650: The Piotnet Addons For Element... ⚠️ CVE-2025-25427: A Stored cross-site scripting ... ⚠️ CVE-2025-3509: A Remote Code Execution (RCE) ... ⚠️ CVE-2025-3246: An improper neutralization of ... 🟡 CVE-2025-3124: A missing authorization vulner... 🟢 CVE-2024-42178: HCL MyXalytics is affected by ... 🟡 CVE-2025-3765: A vulnerability, which was cla... 🟡 CVE-2025-3764: A vulnerability classified as ... 🟢 CVE-2024-42177: HCL MyXalytics is affected by ... 🟡 CVE-2025-3763: A vulnerability classified as ... 🟡 CVE-2025-3762: A vulnerability was found in P... 🟡 CVE-2025-29722: A CSRF vulnerability in Commer... 🟡 CVE-2025-28101: An arbitrary file deletion vul... 🔥 CVE-2025-28009: A SQL Injection vulnerability ... 🟢 CVE-2025-26269: DragonflyDB Dragonfly through ... 🟢 CVE-2025-26268: DragonflyDB Dragonfly before 1... ⚠️ CVE-2024-55211: An issue in Think Router Tk-Rt... 🟢 CVE-2021-47671: In the Linux kernel, the follo... ⚠️ CVE-2021-47670: In the Linux kernel, the follo... ⚠️ CVE-2021-47669: In the Linux kernel, the follo... ⚠️ CVE-2021-47668: In the Linux kernel, the follo... 🟢 CVE-2025-32415: In libxml2 before 2.13.8 and 2... ⚠️ CVE-2025-2947: IBM i 7.6  contains a privile... ⚠️ CVE-2025-29661: Litepubl CMS <= 7.0.9 is vulne... ⚠️ CVE-2025-29181: FOXCMS <= V1.25 is vulnerable ... ⚠️ CVE-2025-29180: In FOXCMS <=1.25, the installd... ⚠️ CVE-2025-29039: An issue in dlink DIR 832x 240... ⚠️ CVE-2025-43015: In JetBrains RubyMine before 2... 🟡 CVE-2025-43014: In JetBrains Toolbox App befor... 🟡 CVE-2025-43013: In JetBrains Toolbox App befor...
Recent Chrome Extension Hacks Highlight Browser Security Risks

By Cybersecurity Team on

Recent Chrome Extension Hacks Highlight Browser Security Risks

In December 2024, a series of cyberattacks compromised several Chrome browser extensions, exposing users to data theft and other security risks. These incidents underscore the vulnerabilities inherent in browser extensions and the need for heightened vigilance among users and developers.

The Cyberhaven Breach

On December 24, 2024, Cyberhaven, a data protection company, reported that its Chrome extension had been compromised. Attackers managed to publish a malicious update (version 24.10.4) that was active for approximately 25 hours before being removed. This update enabled the exfiltration of sensitive user data, including authenticated sessions and cookies, to a rogue domain. Cyberhaven promptly released a clean update (version 24.10.5) and has been cooperating with federal law enforcement to address the breach.

Wider Implications

Security researcher Jaime Blasco identified that this attack was part of a broader campaign targeting multiple Chrome extensions, including those related to artificial intelligence and virtual private networks (VPNs). The attackers appeared to be opportunistically compromising extensions to collect sensitive data across various platforms, rather than targeting specific organizations.

Recommendations for Users

In light of these events, users are advised to:

  • Regularly review installed browser extensions and remove any that are unnecessary or unfamiliar.
  • Ensure all extensions are updated to their latest versions, as developers often release patches to address security vulnerabilities.
  • Be cautious when granting permissions to extensions, especially those requesting access to sensitive data or extensive browser capabilities.
  • Consider using reputable security software to detect and prevent malicious activities associated with compromised extensions.

Recommendations for Developers

Extension developers should implement robust security measures to protect their extensions from unauthorized access, including:

  • Employing strong authentication mechanisms to prevent account compromises.
  • Regularly auditing code and dependencies for vulnerabilities.
  • Monitoring for suspicious activities related to their extensions and responding promptly to potential security incidents.

Conclusion

The recent compromises of Chrome extensions highlight the importance of maintaining rigorous security practices for both users and developers. Staying informed and vigilant can significantly reduce the risks associated with browser extension vulnerabilities.

Sources

Back to Posts