Supply chain attack hits Chrome extensions, could expose millions

Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has potentially impacted hundreds of thousands of individuals already. Dozens of Chrome extension developers have fallen victim to the attacks thus far, which aimed to lift API keys, session cookies, and …

  1. Jou (Mxyzptlk) Silver badge

    Not surprised...

    I log in with a browser (Chrome or Mozilla-based). OAuth, for example. With a secondary factor.

    I copy the %appdata% and %localappdata% of the browser (or their equivalent Unix datastore) to another machine with the same OS; more similarity was not needed for my tests.

    Login is still valid. And they call that secure, when "just copy some files" is enough.

    Does not work every time for every service, but works way too often to be called secure.

    Until that is fixed, globally for all somewhat important sites, it is easy for any extension to gain access where it should not.

    We are soooo frigged.

    1. MiguelC Silver badge

      Re: Not surprised...

      Yup, even Firefox's own login and Mozilla Sync credentials are copied, so all passwords stored by Mozilla are synced to a new device that way.
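The scenario in the comment above (copy the profile directory, the login comes along) works because a session cookie is a bearer token: whoever presents it is the user. The following is an added example, not code from the original page, from Sekoia or from The Register, showing the two sides a practitioner cares about. First, the detection side: a server log is scanned for one session id appearing from more than one client fingerprint, which is what a copied profile looks like from the server (same browser build, so the same User-Agent, but a different source address). Second, the "does not work for every service" side: a session token whose validity is tied to a client fingerprint by an HMAC, so the same token copied to another host fails validation. The log lines, their field layout and the IP+User-Agent fingerprint are constructed assumptions for the demo, not any vendor's real format.

```python
"""Session-reuse detection and fingerprint-bound session tokens.

Added example (not from the article or the comment thread). The log
format below is constructed for the demo and is an assumption:
    <timestamp> <client ip> sid=<session id> ua="<user agent>"
"""
import hashlib
import hmac
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample log. Session a1b2c3 is issued to 203.0.113.10, then the
# same id shows up from 198.51.100.7 with an identical User-Agent: the
# "copied profile to a machine with the same OS and browser" case.
# Session d4e5f6 is only ever seen from one client and is benign.
SAMPLE_LOG = """\
2025-01-02T10:00:01Z 203.0.113.10 sid=a1b2c3 ua="Mozilla/5.0 (Windows NT 10.0) Chrome/131"
2025-01-02T10:00:05Z 203.0.113.10 sid=a1b2c3 ua="Mozilla/5.0 (Windows NT 10.0) Chrome/131"
2025-01-02T10:07:42Z 198.51.100.7 sid=a1b2c3 ua="Mozilla/5.0 (Windows NT 10.0) Chrome/131"
2025-01-02T10:09:00Z 203.0.113.10 sid=d4e5f6 ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/133"
2025-01-02T11:30:00Z 203.0.113.10 sid=d4e5f6 ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/133"
"""

LOG_LINE = re.compile(r'^(\S+) (\S+) sid=(\S+) ua="([^"]*)"$')


def parse_log(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, ip, sid, ua) tuples; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            rows.append(m.groups())
    return rows


def find_session_reuse(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each session id seen from more than one (ip, ua) pair to those pairs.

    Pairs are kept in order of first appearance, so the first entry is where
    the session was (presumably) legitimately issued and later entries are
    the candidates for a copied cookie.
    """
    seen: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for _ts, ip, sid, ua in parse_log(text):
        fp = (ip, ua)
        if fp not in seen[sid]:
            seen[sid].append(fp)
    return {sid: fps for sid, fps in seen.items() if len(fps) > 1}


def client_fingerprint(ip: str, ua: str) -> str:
    """Simplistic client fingerprint used for the demo (an assumption, not a standard)."""
    return hashlib.sha256(f"{ip}|{ua}".encode()).hexdigest()


def issue_session(secret: bytes, sid: str, ip: str, ua: str) -> str:
    """Bind a session id to the issuing client: token = sid.HMAC(secret, sid|fingerprint)."""
    fp = client_fingerprint(ip, ua)
    tag = hmac.new(secret, f"{sid}|{fp}".encode(), hashlib.sha256).hexdigest()
    return f"{sid}.{tag}"


def validate_session(secret: bytes, token: str, ip: str, ua: str) -> bool:
    """Accept the token only when presented by the client it was bound to."""
    try:
        sid, tag = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(
        secret, f"{sid}|{client_fingerprint(ip, ua)}".encode(), hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    for sid, fps in find_session_reuse(SAMPLE_LOG).items():
        print(f"session {sid} seen from {len(fps)} clients: {fps}")

    secret = b"server-side-secret-from-a-kms"  # constructed for the demo
    token = issue_session(secret, "a1b2c3", "203.0.113.10", "Chrome/131")
    print("same client  :", validate_session(secret, token, "203.0.113.10", "Chrome/131"))
    print("copied token :", validate_session(secret, token, "198.51.100.7", "Chrome/131"))
```

Two things to take from running it. The detection only has the source address to go on, because a profile copied to the same OS and browser build presents the same User-Agent; that is exactly why the commenter finds the trick works on some services and not others, and why naive IP binding also breaks for legitimate users on mobile or roaming networks. A robust fix binds the session to a key the device holds rather than to network attributes, which is out of reach of a plain file copy; the HMAC binding shown here is only the shape of the check, not a substitute for that.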

  2. Doctor Syntax Silver badge

    "one of the unfortunate ones to detect the compromise"

    Unfortunate to have been compromised but detecting the compromise makes them fortunate compared to those who were compromised and didn't detect it.

  3. Doctor Syntax Silver badge

    "malicious OAuth applications"

    Oh, no! Don't tell me that by abandoning KISS, introducing a third party, a longer supply chain and increasing the attack surface things become less secure.

  4. bootlesshacker

    I don't know anything about browser extensions, but isn't there some sort of signing process in place performed by developers, which would prevent this very thing from happening (unless they somehow had the keys too)?

  5. gsearle
    FAIL

    Tried it, dumped it, business as usual

    I remember trying out the "Reader Mode" extension, being warned that something was off by a security extension (NoScript), and uninstalling it immediately. I thought nothing further of it, as compromised extensions are just a fact of life these days.
