Malicious Chrome Extensions Pose as Workday, NetSuite to Hijack Accounts

In January 2026, cybersecurity researchers uncovered a coordinated supply chain attack leveraging five malicious Google Chrome extensions. These extensions posed as legitimate productivity tools for major enterprise platforms like Workday, NetSuite, and SuccessFactors, collectively amassing over 2,300 installs from the official Chrome Web Store before their removal.