Hackers have shoe eroticismdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Greenpeace activists charged after unfurling 'Resist' banner at Trump Tower in Chicago
DOOM Eternal Tested on Low
Shop Amazon's latest AI shopping feature and explore audio summaries
Is the Ryzen 3 3300X Better Value than the Ryzen 5 3600?
Use Gmail Filters to Automate your Inbox
A NASA rover sent home an immersive Mars panorama. Watch the video.
NYT Connections hints and answers for May 22: Tips to solve 'Connections' #711.
Best neck fan deal: Save $10 on TORRAS COOLiTE Neck Fan
Boston Celtics vs. Dallas Mavericks 2025 livestream: Watch NBA online
Everything You Need to Know About SFF PCs
Use Your Gaming Laptop and Play On Battery Power? Is It Possible?
15+ Titles Every PC Gamer Should Own
Threadripper 3990X TRX40 VRM Torture Test feat. Asus ROG Zenith II Extreme Alpha
Trump zeroes out Biden's funding for rural broadband access
Cibao FC vs. Guadalajara 2025 livestream: Watch Concacaf Champions Cup for free
Trump zeroes out Biden's funding for rural broadband access
DOOM Eternal PC Graphics Benchmark
DOOM Eternal PC Graphics Benchmark
Golden State Warriors vs. Los Angeles Lakers 2025 livestream: Watch NBA online
4GHz CPU Battle: Ryzen 3900X vs. 3700X vs. Core i9
Trevor Noah is trolling Trump with a fullTrump at the G20 summit was pretty much a gaffe'Call of Duty: Black Ops Cold War' first look and campaign previewChelsea Clinton just shut down Donald Trump's latest Twitter rant with a single tweet'Real Conversations of Grindr' reveals there's a long way to go with HIV stigmaiPhone 12 Pro Max leak appears to confirm rumored features including 120hz display, LiDAR autoA militia group posted a 'call to arms' on Facebook. Now two people in Kenosha are dead.Lucid reveals more about its TeslaLucid reveals more about its TeslaAustralian journalist's blistering takedown of Trump goes viralDonald Trump Jr tweets himself into a deeper hole, just like his dadChelsea Clinton just shut down Donald Trump's latest Twitter rant with a single tweetBig pup spooked by extremely tiny kitten while trying to make friendsAustralian journalist's blistering takedown of Trump goes viralDid Trump just use the soundtrack of a kids' movie at his convention?Don't believe that viral photo of Trump gazing at PutinRussian hacker tried to bribe a Tesla factory worker to install malware'Bill & Ted Face the Music' recaptures the Bill & Ted magic: ReviewHow to use your phone to record police violence safely and effectivelyDancing grandma flashes everyone at Dodgers stadium because she knows how to live The Poem That Inspired “Annie” The Morning News Roundup for September 26, 2014 Secret Nerdery: Warhammer 40,000 Google announces date for Pixel 8 reveal event Devastatingly, Dolly Parton is not on TikTok The Joys of Seeing Movies Alone Everybody Knows Me: An Interview with Walter Matthau by Aram Saroyan The Morning News Roundup for September 30, 2014 Lorin Stein in Conversation with Donald Antrim and Ben Lerner Best software deal: Adobe Photoshop and Premiere Elements 2023 on sale for 37% off Louisa May Alcott’s Definition of Admiration W. S. Merwin on Sir Thomas Wyatt by Dan Piepenbring All Aboard L’Armand The Morning News Roundup for September 29, 2014 YouTube star KSI has made very little from Twitter aka X monetization Super blue moon: When and how to see it X faces millions in fees over unpaid severance for former Twitter employees NFT creator agrees to pay $6.1 million settlement in SEC case The Morning News Roundup for October 3, 2014 Censoring Terry Southern
2.1171s , 10194.8359375 kb
Copyright © 2025 Powered by 【shoe eroticism】,Pursuit Information Network