A sophisticated cyberattack has compromised at least 36 Google Chrome extensions, exposing sensitive data of over 2.5 million users. The attack, first detected on December 25, 2024, targeted developers through phishing emails that mimicked Google notifications. These emails tricked developers into granting permissions to a malicious OAuth application, allowing attackers to upload tampered versions of the extensions to the Chrome Web Store. The compromised extensions included those related to AI and VPNs, with attackers primarily targeting Facebook login credentials and Facebook Ads accounts. Cyberhaven, a cybersecurity firm, was among the affected entities, with its Chrome extension compromised on Christmas Eve. The malicious extensions bypassed Google's security checks and were downloaded through automatic updates. Researchers believe the campaign may have started as early as March 2024, indicating a long-term, coordinated effort. The attack underscores vulnerabilities in software supply chains and the need for stronger security measures for browser extensions.