Other extensions possibly affected include Internxt VPN, VPNCity, Uvoice, and ParrotTalks, as Bleeping Computer writes. Cyberhaven says hackers pushed an update (version 24.10.4) of its Cyberhaven data loss prevention extension containing the malicious code on Christmas Eve at 8:32PM ET.

The data-loss startup says it was targeted as part of a "wider campaign to target Chrome extension developers."

The attack began after a hacker successfully targeted a Cyberhaven employee via a phishing email that was sent to Chrome extension developers. The employee, believing the email was an official Google contact, clicked the email and input their login credentials on the phishing page.

At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users.

Hackers have compromised several popular Chrome extensions with hundreds of thousands of users, TechCrunch reported today. One of the affected extensions is developed by Cyberhaven Inc., a venture-backed cybersecurity provider. The company confirmed the incident in a statement.

By Raphael Satter and AJ Vicens -Hackers have compromised several different companies' Chrome browser extensions in a series of intrusions dating back to mid-December, according to one of the victims and experts who have examined the campaign.

Cyberhaven, a California-based cyber security firm says it was recently hacked on Christmas Eve, and that the hackers were targeting Chrome extensions. Cyberhaven doesn’t mention what the reasoning for the attack was,