Hackers have targeted Google Chrome users in a frightening 2FA bypass attack—a full list of impacted extensions has now been published.

A BleepingComputer investigation found the same code was injected into at least 35 Google Chrome extensions, which are being used by roughly 2.6 million users worldwide. This led to 400,000 devices being infected with malicious code through the CyberHaven extensions.

Multiple Chrome browser extensions have been hijacked by hackers in recent months to steal data from their users.

New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven.

Other extensions possibly affected include Internxt VPN, VPNCity, Uvoice, and ParrotTalks, as Bleeping Computer writes. Cyberhaven says hackers pushed an update (version 24.10.4) of its Cyberhaven data loss prevention extension containing the malicious code on Christmas Eve at 8:32PM ET.

Chrome extension vulnerabilities leave millions at risk of 2FA bypass attacks, with hackers targeting multiple companies.

The attack began after a hacker successfully targeted a Cyberhaven employee via a phishing email that was sent to Chrome extension developers. The employee, believing the email was an official Google contact, clicked the email and input their login credentials on the phishing page.

A significant breach of popular Google Chrome extensions, including Cyberhaven, has exposed sensitive user data. Learn how the attack unfolded and how to secure your browser.

Criminals have hijacked dozens of popular browser extensions in a bid to target Google Chrome users and steal sensitive data, like passwords. The devastating campaign started last month and shows no sign of slowing.