‘Web Developer for Chrome’ Extension Compromised

On August 2, the popular Google Chrome extension “Web Developer for Chrome” was compromised and ran unauthorized Javascript code and injected unwanted ads into users' browsers. The extension’s developer, Chris Pederick, confirmed the incident via his Twitter account, stating he had fallen victim to a phishing email sent to his personal Gmail account. An unidentified hacker then accessed Pederick’s Google account, updated the extension software to version 0.4.9, and pushed it to its 1,044,000 users. The Mozilla Firefox version of the extension is not believed to have been compromised. The NJCCIC recommends users of the Web Developer for Chrome extension immediately update to version 0.5, terminate any login sessions or cookies used on websites during the affected timeframe, and consider changing passwords of accounts accessed during that time.