Cyberhaven and other Chrome extensions were compromised in a supply chain attack targeting Facebook advertising users. The extension of data security firm Cyberhaven was compromised after an employee fell victim to a phishing attack and authorized a malicious OAuth application called ‘Privacy Policy Extension’ to Cyberhaven’s Chrome Web Store account. The attackers then used these permissions to publish a malicious version of the extension to the Chrome Web Store. The malicious version was removed from the store immediately after the attack was discovered and was replaced with version 24.10.5, which is clean. The malicious extension appears to have targeted Facebook.com advertising users. At least five other compromised Chrome extensions were identified, including Internxt VPN, VPNCity, Uvoice and ParrotTalks.

Read more: https://www.securityweek.com/several-chrome-extensions-compromised-in-supply-chain-attack/