Well, this important because there are a couple of graphics extensions and we all love graphics, right?
According to recent Proofpoint research, eight extensions for the Google Chrome web browser have been compromised by attackers, sending malicious ads to the affected users. In a report, Proofpoint explained that the authors of these extensions had their credentials stolen, allowing the attacker to take over...The attacks occurred primarily in July and August 2017, with the attackers getting the credentials through a phishing scheme, the report said. This means that victims were exposed to malicious popups and potential schemes for stealing their credentials as well...
According to the report, these eight extensions were likely compromised:
- Web Developer 0.4.9
- Chrometana 1.1.3
- Infinity New Tab 3.12.3
- CopyFish 2.8.5
- Web Paint 1.2.1
- Social Fixer 20.1.1
- Betternet VPN" - TechRepublic
Here are your "takeaways":
- Attackers have hijacked eight Google Chrome extensions, using them to serve malicious ads and direct users to scam services.
- The attack also attempts to steal credentials to hosting services—in this case Cloudflare—so that they'll be able to conduct future attacks.
- Users who have any of the affected extensions installed should uninstall them and be careful not to click on any ads that seem suspicious.
Source linked above.