Hackers have famous books about eroticismdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
They met on Tumblr, and their relationship outlasted their accounts
Chrissy Teigen only needed 2 emoji to hilariously troll this John Legend article
Cynthia Nixon is running for NY governor and you should be happy
Chrissy Teigen only needed 2 emoji to hilariously troll this John Legend article
Best laptop deal: Get the 14
Apple's new 16
Twitter study says its algorithm boosts right
Apple Music's new 'Voice Plan' is cheaper, but you have to use Siri
NYT Connections hints and answers for February 5: Tips to solve 'Connections' #605.
Stormy Daniels launches crowdfunding campaign for Trump lawsuit
Elon Musk's DOGE.gov website can apparently be edited by anyone
This soccer player has started celebrating goals by doing the dances in 'Fortnite'
Pixel 6 comes with 'Quick Tap to Snap,' a super fast Snapchat camera shortcut
Disney delays five Marvel movies, other major releases
Wordle today: The answer and hints for January 28, 2025
Mark Zuckerberg reportedly hasn't chosen a new name for Facebook yet
'The Office' stars compare Michael Scott to Ted Lasso
Apple Store goes offline ahead of 'Unleashed' event
Report: Match Group dating apps conceal assault cases
Prince William unveils the 5 winners of the Earthshot Prize
Google Bard announcement: TextNice guy Ryan Reynolds puts up a cash reward for a lost teddy bearUber adds flight bookings to the appHaunted TikTok is the next evolution of internet horrorFever Pitch by Morgan MacgregorGood morning, Cuthbert! A year later, rush hour's still on for TikTok's favourite goose.'10 MacBooks' hacker returns to Twitter, steals actor LeVar Burton's accountGoogle just can't stop leaking the Pixel FoldSusanne Kippenberger on ‘Kippenberger’ by Miranda PurvesAt Google I/O 2023, Android 14's wallpaper customization steals the spotlightA Panorama of ‘Middlemarch’These reliable, cheap meat thermometers are kitchen essentialsThe Aristocrats by Meredith BlakeThese reliable, cheap meat thermometers are kitchen essentialsThe best memes from Eurovision's first semiWordle today: Here's the answer and hints for May 11Kim Kardashian issues rare statement on Kanye West’s mental healthA Routine Matter: On Habits, William James, and Charles DuhiggGoogle directed a sick burn at Apple during I/O 2023Announcing Issue 200! by Sadie Stein Singaporeans have another carpool service with launch of UberPool Anki's wild journey from WWDC star to consumer robot innovator Samsung Gear Fit 2 is way better than the original, but just shy of perfect Caitlyn Jenner: 'Trump seems to be very much for women.' Fans are stanning Ariana and Pete after listening to *that song* on 'Sweetener' 'Sharp Objects': Who is the killer? Facebook birthday fundraisers rake in $300 million in first year Does Amazon own Seattle? This Disney princess cameo in 'Ralph Breaks the Internet' is already a meme 'World of Warcraft: Battle for Azeroth' feels like older 'WoW': Review Matchmaking the best crossover couples across all fiction 'Game of Thrones' star says final season will be 'heartbreaking' Smoke from California wildfires encircles Atlantic storm Ernesto Amazon Echo Dots are coming to every St. Louis University dorm room Free beer! But wait, this smart fridge only opens if Cleveland Browns win. Donald Trump gave a speech in front of a literal wall of garbage How to completely delete Facebook from your life 'Castle Rock' is maybe about alternate realties & a screaming universe Sophie Turner has some comforting words about Sansa's fate Gorgeous drone footage captures couple sex'ing in a church steeple
1.5921s , 8287.1953125 kb
Copyright © 2025 Powered by 【famous books about eroticism】,Inspiration Information Network