Trump has begun another trade war. Here's a timeline of how we got here
Canada's leader laments lost friendship with US in town that sheltered stranded Americans after 9/11
Chinese EV giant BYD's fourth-quarter profit leaps 73%
You're an American in another land? Prepare to talk about the why and how of Trump 2.0
Chalk talk: Star power, top teams and No. 5 seeds headline the women's March Madness Sweet 16
Purdue returns to Sweet 16 with 76-62 win over McNeese in March Madness
By Raphael Satter and AJ Vicens
-Hackers have compromised several different companies' Chrome browser extensions in a series of intrusions dating back to mid-December, according to one of the victims and experts who have examined the campaign.
Among the victims was the California-based Cyberhaven, a data protection company that confirmed the breach in a statement to Reuters on Friday.
"Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, affecting our Chrome extension," the statement said. It cited public comments from cybersecurity experts. These comments, said Cyberhaven, suggested that the attack was "part of a wider campaign to target Chrome extension developers across a wide range of companies."
Cyberhaven added: "We are actively cooperating with federal law enforcement."
The geographical extent of the hacks was not immediately clear.
Browser extensions are typically used by internet users to customize their Web-browsing experiences, for example by automatically applying coupons to shopping websites. In Cyberhaven's case, the Chrome extension was used to help the company monitor and secure client data flowing across Web-based applications.
Jaime Blasco, cofounder of Austin, Texas-based Nudge Security, said he had spotted several other Chrome extensions that had been subverted in the same way as Cyberhaven's. At least one appeared to have been hit in mid-December.
Blasco said the other affected extensions included ones related to artificial intelligence and virtual private networks. He said that suggested an opportunistic effort to vacuum up sensitive data using as many compromised extensions as possible.
"I'm almost certain this is not targeted to Cyberhaven," Blasco said. "If I had to guess, this was just random."
The U.S. cyber watchdog CISA referred questions to the companies involved. A message seeking comment from Alphabet, which makes the Chrome browser, was not immediately returned.
(Reporting by Raphael Satter in Washington and AJ Vicens in Detroit; Editing by Rod Nickel and Matthew Lewis)
