Time to check if you ran any of these 33 malicious Chrome extensions

A spear-phishing campaign targeted Chrome extension developers and tricked at least one developer into granting OAuth permissions that allowed the attacker to push malicious extension updates; the campaign impacted 20 extensions with a combined ~1.46M downloads (including a malicious Cyberhaven extension update) and included an earlier, separate compromise of Reader Mode via a third‑party monetization library that harvested browsing data and credentials.