Hackers have Drama Movies | Adult Movies Onlinediscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Best Apple deal: Save $19 on AirTag 4
Nintendo Switch 2 preorder just days away, per leak
NYT mini crossword answers for April 24, 2025
44 GPU Fortnite Benchmark: The Best Graphics Cards for Playing Battle Royale
Instagram tests Storylines, a collaborative twist on Stories
'Thunderbolts*' mid
'Mario Kart World' Nintendo Direct: 3 takeaways
NYT Connections Sports Edition hints and answers for April 23: Tips to solve Connections #212
NYT Strands hints, answers for May 1
Today's Hurdle hints and answers for April 29, 2025
Things Intel Needs to Fix
The State of 5G: When It's Coming, How Fast It Will Be & The Sci
Musetti vs. Diallo 2025 livestream: Watch Madrid Open for free
Meta continues its submission to Trump with new advisor on its board
Best Samsung deal: Save $60 on 64GB Samsung Galaxy Tab A9
Amazon requires sellers to use more efficient packaging, or pay up
NYT Strands hints, answers for May 2
NYT Connections hints and answers for May 1: Tips to solve 'Connections' #690.
Nvidia DLSS: An Early Investigation
Parental Controls: How to Lock Down Your Kids' iOS Devices
St. Mark’s Saved by Lorin SteinThree Events with Our Editors by The Paris ReviewA Week in Culture: Sadie Stein, Editor by Sadie SteinJohn Jeremiah Sullivan Tonight at The Half King! by The Paris ReviewOn ‘Artaud420 Characters by Lou BeachUnread Books; Changing Character Names by Lorin SteinStaff Picks: Ghost Stories, Black Books by The Paris ReviewCosmic Geometry by Lauren O'NeillAsk the Paris Review! (West Coast Edition) by Sadie SteinStaff Picks: ‘Proud Beggars,’ A Brilliant Invalid by The Paris ReviewThe Corner Booth by Vanessa BlakesleePaul Murray on “That’s My Bike!” by Rachel NolanStaff Picks: “Hadji Murat,” A Version of the Afterlife by The Paris ReviewOn the Shelf by Sadie SteinDocument: The Symbolism Survey by Sarah Funke ButlerStaff Picks: ‘Desire,’ Tim Tebow by The Paris ReviewStaff Picks: Ghost Stories, Black Books by The Paris ReviewAlice in Bed, Again by The Paris ReviewPart 1: The Amanuensis by Mark Van de Walle Ada Hegerberg becomes first woman to win the Ballon D'Or, gets asked if she can twerk YouPorn bans Starbucks products from its offices 'Smart' e Samsung caught using stock photo taken with DSLR to showcase Galaxy A8 camera Apple may release updated AirPods in 2019 and 2020 Wave of '90s throwback tours proves the nostalgia cycle is in full effect Google’s Santa Tracker is back with more holiday fun for 2018 Videos of tech being destroyed will set you free, if only for a few minutes Samsung has a 5G prototype phone with a corner notch Columbia Sportswear has a brand new Star Wars jacket for you to covet Here are all the 5G devices coming in 2019... so far UK lawmakers just released a trove of Facebook emails Tumblr will ban all adult content on Dec. 17 Apple reveals the most popular iPhone apps of 2018 Fellow NFL players join Colin Kaepernick in National Anthem protest Man who loves tea changes his middle name to 'Yorkshire Tom Cruise breaks silence on the 'soap opera effect' and we couldn't be happier Waymo One, Google's new self A new 'Call Me By Your Name' book is currently in the works and OMG 'Friends' isn't leaving Netflix January 1
2.6289s , 8225.0546875 kb
Copyright © 2025 Powered by 【Drama Movies | Adult Movies Online】,Inspiration Information Network