EXT-001 Known-compromised extension version
An installed extension's (ecosystem, identifier, version) matches
a catalogued supply-chain incident. The catalog covers the December
2024 Cyberhaven Chrome publisher phish (and the sibling cluster
including Internxt VPN), the 2023 VS Code Marketplace malicious-
extension campaign (Shades of Purple typosquat), and other
catalogued editor / browser extension compromises.
Editor extensions run with the editor's full filesystem and shell reach (every buffer, every project, every git token the editor caches). Browser extensions run with reach across every tab, intercept every request, and can persist data across sessions. A compromised extension is functionally a session-token incident for every site or repo the host process can see.
What Vulkro detects
The rule fires when the catalog's lookup(ecosystem, identifier, version) returns a hit. The catalog row's severity flows
through:
- Critical for the Cyberhaven Chrome incident (INCIDENT-2024-cyberhaven-chrome at version 24.10.4).
- High for INCIDENT-2024-internxt-vpn-chrome (sibling of the Cyberhaven cluster) and the 2023 Shades of Purple VS Code incident.
Confidence: High in every case. The match is an exact-string
invariant per the confidence rubric. Evidence signal:
extension-compromised-version, weight 1.0, source Pattern.
Catalog ecosystems covered:
- vscode-marketplace (VS Code, Cursor, Windsurf, VSCodium)
- open-vsx
- chrome-webstore (Chrome, Chromium, Brave, Edge, Arc)
- firefox-amo
The catalog refreshes via the signed update bundle (vulkro update); a baked-in fallback ships in the binary so fresh
installs and offline machines still get the seed incidents.
Non-compliant: a catalogued Cyberhaven Chrome install
A per-extension Chromium manifest.json at
~/Library/Application Support/Google/Chrome/Default/Extensions/pajkjnmeojmbapicmbpliphjmcekeaac/24.10.4/manifest.json:
{
"manifest_version": 3,
"name": "Cyberhaven security extension",
"version": "24.10.4",
"permissions": ["storage", "tabs"],
"host_permissions": ["<all_urls>"]
}
The on-disk path encodes the Chrome extension ID
pajkjnmeojmbapicmbpliphjmcekeaac and version 24.10.4. The
catalog row for INCIDENT-2024-cyberhaven-chrome matches that
exact pair. Note that Chrome usually appends an install counter to the
version directory (24.10.4_0), so the "version" field inside
manifest.json, not the directory name, is the value to compare.
Compliant: a clean reinstall
After the publisher rotated credentials and shipped a patched release, the same identifier at a different version no longer matches the catalog row:
{
"manifest_version": 3,
"name": "Cyberhaven security extension",
"version": "24.10.5",
"permissions": ["storage", "tabs"],
"host_permissions": ["<all_urls>"]
}
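The lookup described under "What Vulkro detects", run over the two manifests above, as an added example that is not Vulkro's own code. It walks a Chromium profile's Extensions directory and a VS Code extensions directory, reads the version from each manifest.json / package.json (the Chrome directory name may carry a _0 suffix), and matches (ecosystem, identifier, version) against a seed catalog. The Cyberhaven row is the one the page documents; the vscode-marketplace row, the scanner name and the fixture layout are assumptions made for the example, and the VS Code entry is a hypothetical placeholder rather than a real incident.

```python
"""Added example, not Vulkro's code: an EXT-001 style catalog lookup over
on-disk extension installs. The Chrome catalog row comes from the page;
the vscode-marketplace row is a hypothetical placeholder, not a real incident."""
import json
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

# (ecosystem, identifier, version) -> (incident id, severity)
CATALOG = {
    ("chrome-webstore", "pajkjnmeojmbapicmbpliphjmcekeaac", "24.10.4"):
        ("INCIDENT-2024-cyberhaven-chrome", "Critical"),
    # Hypothetical row, only to exercise the VS Code path; not a real incident.
    ("vscode-marketplace", "example.hypothetical-ext", "1.0.0"):
        ("INCIDENT-0000-hypothetical", "High"),
}


@dataclass(frozen=True)
class Finding:
    ecosystem: str
    identifier: str
    version: str
    incident: str
    severity: str
    path: str


def lookup(ecosystem, identifier, version):
    """Exact-string match on the (ecosystem, identifier, version) triple."""
    return CATALOG.get((ecosystem, identifier, version))


def chrome_installs(extensions_dir: Path):
    """Yield (id, version, manifest path) from a Chromium profile's Extensions dir.
    The version directory may carry an install counter (24.10.4_0), so the
    version is read from manifest.json rather than the directory name."""
    for id_dir in sorted(p for p in extensions_dir.iterdir() if p.is_dir()):
        if not re.fullmatch(r"[a-p]{32}", id_dir.name):
            continue  # Chrome extension IDs are 32 chars drawn from a-p
        for ver_dir in sorted(p for p in id_dir.iterdir() if p.is_dir()):
            manifest = ver_dir / "manifest.json"
            if not manifest.is_file():
                continue
            data = json.loads(manifest.read_text(encoding="utf-8"))
            yield id_dir.name, str(data.get("version", "")), str(manifest)


def vscode_installs(extensions_dir: Path):
    """Yield (publisher.name, version, package.json path) from a VS Code
    extensions dir; identifiers are lower-cased to match marketplace form."""
    for ext_dir in sorted(p for p in extensions_dir.iterdir() if p.is_dir()):
        package = ext_dir / "package.json"
        if not package.is_file():
            continue
        data = json.loads(package.read_text(encoding="utf-8"))
        publisher, name, version = data.get("publisher"), data.get("name"), data.get("version")
        if not (publisher and name and version):
            continue
        yield f"{publisher}.{name}".lower(), str(version), str(package)


def scan(chrome_dir: Path, vscode_dir: Path):
    """Apply the catalog lookup to every install found; return the hits."""
    findings = []
    sources = [("chrome-webstore", chrome_installs(chrome_dir)),
               ("vscode-marketplace", vscode_installs(vscode_dir))]
    for ecosystem, installs in sources:
        for identifier, version, path in installs:
            hit = lookup(ecosystem, identifier, version)
            if hit:
                findings.append(Finding(ecosystem, identifier, version, hit[0], hit[1], path))
    return findings


def build_fixture():
    """Constructed on-disk layout: the page's compromised and clean Cyberhaven
    manifests (with Chrome's _0 directory suffix) plus the hypothetical VS Code extension."""
    root = Path(tempfile.mkdtemp())
    chrome = root / "Extensions"
    ext_id = "pajkjnmeojmbapicmbpliphjmcekeaac"
    for ver_dir, version in (("24.10.4_0", "24.10.4"), ("24.10.5_0", "24.10.5")):
        d = chrome / ext_id / ver_dir
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({
            "manifest_version": 3, "name": "Cyberhaven security extension",
            "version": version, "permissions": ["storage", "tabs"],
            "host_permissions": ["<all_urls>"]}), encoding="utf-8")
    vscode = root / "vscode-extensions"
    d = vscode / "example.hypothetical-ext-1.0.0"
    d.mkdir(parents=True)
    (d / "package.json").write_text(json.dumps({
        "publisher": "example", "name": "hypothetical-ext", "version": "1.0.0"}), encoding="utf-8")
    return chrome, vscode


def scan_fixture():
    """Run the scan over the constructed fixture; only 24.10.4 and the placeholder hit."""
    return scan(*build_fixture())


if __name__ == "__main__":
    for f in scan_fixture():
        print(f"{f.severity}: {f.incident} {f.ecosystem} {f.identifier}@{f.version} ({f.path})")
```

Pointing chrome_installs at a real profile (for example ~/Library/Application Support/Google/Chrome/Default/Extensions on macOS) and vscode_installs at ~/.vscode/extensions gives the same triples the rule consumes; the 24.10.5 manifest in the fixture produces no finding because the lookup is exact on the version string.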
Remediation
- Uninstall the catalogued extension version immediately. In Chrome / Brave / Edge: visit chrome://extensions, locate the extension, click Remove. In VS Code / Cursor / Windsurf: Extensions panel, locate the extension, Uninstall.
- Reinstall a clean release published before the compromise window or after the publisher's incident-response patch; since the store will auto-update a downgraded install, prefer the post-patch release. If the publisher has not issued a clean update, leave the extension uninstalled.
- Treat the host as compromised for the period the bad version was active. Rotate every credential the editor or browser could observe: git tokens, npm publish tokens, AWS / GCP / Azure CLI tokens, OAuth refresh tokens, session cookies for sites the user was signed into, and any password-manager session tokens.
- Review marketplace listings for the vendor's incident response notice and follow any additional guidance there.
See also
- vulkro extension-audit - parent CLI command.
- EXT-002 - overbroad manifest permissions (a non-compromised extension can still grant excessive reach).
- EXT-003 - extension CSP that allows remote code load.
- MCP-006 - the same catalog applied to MCP server pins.
- SUP-COMPROMISE-006 - the dep-scanner shape of this rule for any extension catalog row.