What's going on with that Cyberhaven browser extension compromise? Nothing good.

secureannex.com/blog/cyberhaven-extension-compromise/

The Cyberhaven extension turns out to be designed to monitor and block websites that try to steal your data. That part is legitimate.

Or was, until it got hacked, when instead of blocking attempts to steal your data, it simply just stole your data.

It was quickly fixed, but it also quickly caught the attention of security researchers, who discovered a long and growing list of other compromised browser extensions.

CAUTION - make sure you are not logged into a google account before you click the below link from poa.st

docs.google.com/spreadsheets/d/15xOLbYgz5DQnCWYE6a_LXGcqYC_bNPPzdBqdLofz6-E/edit

Some have been fixed. Some have been pulled from the Chrome web store.

Others have been compromised for months.

The root of the problem is a targeted fishing attack aimed at developers of browser extensions. Hack the developers, then hack the extensions, then hack the users of those extensions.