Christmas Eve Phishing Attack Exposes Cyberhaven Chrome Extension Vulnerability, Casey Ellis Warns Millions at Risk from Syncjacking

A recent phishing attack on Christmas Eve exploited a vulnerability in a Cyberhaven Chrome extension, raising concerns about browser security. Experts have noted an increase in similar attacks throughout 2023. Casey Ellis, from Bugcrowd, emphasized the need to reassess extension security practices. In addition, a new technique known as 'browser syncjacking' has been disclosed, which allows attackers to gain full control over browsers and devices. This method poses risks to millions of users, as it can hijack devices through compromised Chrome extensions. The Security Ledger's Paul F. Roberts highlighted this emerging threat, further stressing the importance of cybersecurity measures.