What are the effects of the Chrome Web Developer extension hijack?

From the Twitter account you have linked, the author says:

I don’t know for sure yet, but it looks like it may have just been adware being injected. I’m still looking into the possible impact.

You have also asked whatever you should sign out of sessions, revoke keys and change passwords. While I do not have access to the malicious code, and am unable to tell what the code did, I feel pretty confident to suggest that you should end all sessions (to prevent session hijacks), and to change your passwords.

I would say that it is much easier to change passwords than later have to deal with your accounts hacked.


They basically replaced advertisements and gathered Cloudflare credentials.

Proof Point has an article with a thorough analysis about what happened.

Tags:

Chrome

Browser Extensions

Related

Recourse if debit card was used on a suspicious website How to disable CBC-mode ciphers Why do some people think linux machine accounts with passwords are more secure than accounts without passwords? MacOS Ransomware with EFI Lock How to encypt sensitive data in database of a web app? How to use YubiKey through GnuPG on remote server? PayPal payment reversal; scammer at work? Privacy: can my employer access sensitive information if they pay my mobile subscription? I bought the hardware myself Understanding a TLS 1.3 0-RTT replay attack Should a vulnerability in a service that is present on the device, but not running and not used at all, be mentioned in the vulnerability report? Does the X-Permitted-Cross-Domain-Policies header have any benefit for my website if I'm not using Adobe products? HTTP Digest Authentication: Does the server store plaintext passwords?

Recent Posts