Supply chain attacks against Chrome Extensions


Kurt Buff

Dec 31, 2024, 2:24:49 PM
to ntsys...@googlegroups.com

I checked our firewall logs for the IP address mentioned, and we're clean.

Kurt

Erik Goldoff

Dec 31, 2024, 2:46:25 PM
to ntsys...@googlegroups.com
Always a good idea to check for IOCs on such high-profile, high-risk attacks.


Michael B. Smith

Dec 31, 2024, 4:13:28 PM
to ntsys...@googlegroups.com

“The attack "only impacted machines running Chrome-based browsers that were updated via the Google Chrome Web Store,"”

So… everything but Firefox and Safari?

smdh

Kurt Buff

Dec 31, 2024, 4:43:10 PM
to ntsys...@googlegroups.com
The browser is the OS, right? And it's damned hard to police the browser and its extensions.

Oh, and the dev for the extension in question got phished for his creds, which means that proper separation of privileges wasn't maintained (browsing and email not on a machine separate from his dev box) - and the company offering the extension is in the business of DLP.

So much fail.

Kurt
