SquareX Warns of Rising Browser Extension Attacks Following Cyberhaven Breach

Last updated: 2025/01/02 at 2:06 PM
Gaurav Mishra
Palo Alto, Calif., December 30, 2024 – SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome extension developers, aimed at taking over their extensions on the Chrome Store.

Unfortunately, on December 25th, 2024, a malicious version of Cyberhaven’s browser extension was published on the Chrome Store that allowed the attacker to hijack authenticated sessions and exfiltrate confidential information. The malicious extension was available for download for more than 30 hours before being removed by Cyberhaven. The data loss prevention company declined to comment on the extent of the impact when approached by the press, but the extension had over 400,000 users on the Chrome Store at the time of the attack.

It is unfortunate that the attack took place, as SquareX’s researchers had identified the very same attack, with a video demonstrating the entire attack pathway, just a week before the Cyberhaven breach. The attack begins with a phishing email impersonating the Chrome Store and alleging a violation of the platform’s “Developer Agreement”, urging the recipient to accept the policies to prevent their extension from being removed from the Chrome Store. Upon clicking the policy button, the user is prompted to connect their Google account to a “Privacy Policy Extension”, which grants the attacker access to edit, update and publish extensions on the developer’s account.

Fig 1. Phishing email targeting extension developers

Fig 2. Fake Privacy Policy Extension requesting access to “edit, update or publish” the developer’s extension

Extensions have become an increasingly popular way for attackers to gain initial access. This is because most organizations have limited visibility into which browser extensions their employees are using. Even the most rigorous security teams typically do not monitor subsequent updates once an extension is whitelisted.

SquareX has conducted extensive research and demonstrated at DEFCON 32 how MV3-compliant extensions can be used to steal video stream feeds, add a silent GitHub collaborator and steal session cookies, among others. Attackers can easily create a seemingly harmless extension and later convert it into a malicious one post-installation or, as demonstrated in the attack above, deceive the developers behind a trusted extension to gain access to one that already has hundreds of thousands of users. In Cyberhaven’s case, attackers were able to steal company credentials across multiple websites and web apps through the malicious version of the extension.

Given that developer emails are publicly listed on the Chrome Store, it is easy for attackers to target thousands of extension developers at once. These emails are typically used for bug reporting. Thus, even support emails listed for extensions from larger companies are usually routed to developers who may not have the level of security awareness required to become suspicious of such an attack. As SquareX’s attack disclosure and the Cyberhaven breach occurred within a span of less than two weeks, the company has strong reason to believe that many other browser extension providers are being attacked in the same way. SquareX urges companies and individuals alike to conduct careful inspection before installing or updating any browser extensions.

Fig 3. Contact details of extension developers are publicly available on Chrome Store

We understand that it can be non-trivial to evaluate and monitor every single browser extension in the workforce amidst all the competing security priorities, especially when it comes to zero-day attacks. As demonstrated in the video, the fake privacy policy app involved in Cyberhaven’s breach was not even detected by any popular threat feeds.


SquareX’s Browser Detection and Response (BDR) solution takes this complexity off security teams by:

  • Blocking OAuth interactions to unauthorized websites to prevent employees from accidentally giving attackers unauthorized access to your Chrome Store account
  • Blocking and/or flagging any suspicious extension updates containing new, risky permissions
  • Blocking and/or flagging any suspicious extensions with a surge of negative reviews
  • Blocking and/or flagging installations of sideloaded extensions
  • Streamlining all requests for extension installations outside the authorized list for quick approval based on company policy
  • Providing full visibility on all extensions installed and used by employees across the organization
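
The second item in the list above, flagging updates that add new, risky permissions, can be approximated by diffing the manifest of the installed version against the manifest of the update. This is an added example, not SquareX's implementation; the risk lists, the verdict names and the two sample manifests are assumptions constructed for illustration.

```javascript
// Added example: flag permission growth between two versions of an extension
// manifest (MV2 or MV3). The risk lists are illustrative assumptions.
const RISKY_API_PERMISSIONS = new Set([
  "cookies", "webRequest", "scripting", "tabs", "debugger", "history",
  "management", "nativeMessaging", "proxy", "clipboardRead",
  "desktopCapture", "tabCapture",
]);
const BROAD_HOST_PATTERNS = new Set([
  "<all_urls>", "*://*/*", "http://*/*", "https://*/*",
]);

// MV2 mixes host patterns into "permissions", so classify by shape.
const isHostPattern = (p) => p === "<all_urls>" || p.includes("://");

// Collect everything a manifest asks for, including content-script matches.
function collectGrants(manifest) {
  const api = new Set();
  const hosts = new Set();
  const lists = [
    manifest.permissions, manifest.optional_permissions,
    manifest.host_permissions, manifest.optional_host_permissions,
    ...(manifest.content_scripts || []).map((cs) => cs.matches),
  ];
  for (const entry of lists.flat()) {
    if (typeof entry !== "string") continue; // absent keys, malformed entries
    (isHostPattern(entry) ? hosts : api).add(entry);
  }
  return { api, hosts };
}

// Compare the installed manifest with the update and return a verdict:
// "hold" (risky growth), "review" (any growth) or "allow" (no growth).
function reviewUpdate(oldManifest, newManifest) {
  const before = collectGrants(oldManifest);
  const after = collectGrants(newManifest);
  const addedApi = [...after.api].filter((p) => !before.api.has(p)).sort();
  const addedHosts = [...after.hosts].filter((h) => !before.hosts.has(h)).sort();
  const risky = [
    ...addedApi.filter((p) => RISKY_API_PERMISSIONS.has(p)),
    ...addedHosts.filter((h) => BROAD_HOST_PATTERNS.has(h)),
  ];
  const grew = addedApi.length > 0 || addedHosts.length > 0;
  const verdict = risky.length > 0 ? "hold" : grew ? "review" : "allow";
  return { addedApi, addedHosts, risky, verdict };
}

// Constructed sample manifests (not taken from any real extension).
const installed = { manifest_version: 3, version: "1.4.0",
  permissions: ["storage", "alarms"],
  host_permissions: ["https://app.example.com/*"] };
const update = { manifest_version: 3, version: "1.4.1",
  permissions: ["storage", "alarms", "cookies", "webRequest"],
  host_permissions: ["https://app.example.com/*", "<all_urls>"],
  content_scripts: [{ matches: ["https://*/*"], js: ["content.js"] }] };

console.log(reviewUpdate(installed, update));
```

A permission diff only catches updates that ask for more than the previous version did; an update that misuses permissions the extension already holds passes this check, so it complements review of the updated code rather than replacing it.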

SquareX’s founder Vivek Ramachandran warns, “Identity attacks targeting browser extensions similar to this OAuth attack will only become more prevalent as employees rely on more browser-based tools to be productive at work. Similar variants of these attacks have been used in the past to steal cloud data from apps like Google Drive and OneDrive and we will only see attackers get more creative in exploiting browser extensions. Companies need to remain vigilant and minimize their supply chain risk without hampering employee productivity by equipping them with the right browser native tools.”

About SquareX

SquareX helps organizations detect, mitigate and threat-hunt client-side web attacks happening against their users in real time.

SquareX’s industry-first Browser Detection and Response (BDR) solution takes an attack-focused approach to browser security, ensuring enterprise users are protected against advanced threats like malicious QR Codes, Browser-in-the-Browser phishing, macro-based malware and other web attacks encompassing malicious files, websites, scripts, and compromised networks.

With SquareX, enterprises can provide contractors and remote workers with secure access to internal applications and enterprise SaaS, and convert the browsers on BYOD / unmanaged devices into trusted browsing sessions.
