Hackers have Room Girls Sex Skilldiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Amazon CEO tries to sell kids on working on the moon
The Weeknd finally deleted Selena Gomez from his social media
Outlander recap: Episode 11 serves up turtle soup and a reminder about consent
Apple's WWDC 2021 keynote event will be livestreamed June 7
How I met my partner on X/Twitter
Perspiration is now festive thanks to a sweat
Speed up your iPhone typing with some awesome keyboard shortcuts
'Cruella' review roundup: Here's what critics are saying
Trump's foreign aid freeze halts funding for digital diplomacy bureau
9 best tweets of the week, including Mare, LSD, and Macbeth
The Portable Workstation: Dell XPS 13 + 32 UltraSharp 4K Monitor
Grad student created an amazing Rubik's Cube prototype for the blind
BTS melts hearts and YouTube records with new single 'Butter'
Tiffany Haddish had the distinct honor of teaching Barbra Streisand all about Cardi B
9 Tech Products That Were Too Early to Market
How to see who is watching your Netflix account
New Zealand politician's 2013 same
Teen punk band's new song about 'Racist, Sexist Boy' band goes viral
Sri Lanka vs. Australia 2025 livestream: Watch 1st ODI for free
'In The Heights' raises the bar for movie musicals: Movie Review
Apple 2017 5K iMac 27Runaway portable toilets menace fleeing passerby during Moscow stormIndiana GOP asked for Obamacare horror stories and got tons of praise insteadCelebrate gaming's real patriots this Fourth of JulyTennis fans queuing all night for Wimbledon opening is ridiculously BritishAfghanistan's version of 'Sesame Street' promotes gender equality with a new muppetXiaomi and Nokia's new multiWhy are these weird distorted brand logos so funny?Anthony Bourdain's review of 'Baby Driver' is extremely Anthony BourdainThere are billions of grains of revenge in this antiThe best games coming out in the rest of 2017Cristiano Ronaldo posts adorable photo with all his children and we're swooningChance the Rapper wrote a poem for his Tiny Desk Concert debutHere are the video games we're excited about in July 2017Giant iceberg poised to break off Antarctica is the size of DelawareShell takes down lifeGame of Thrones Season 7 will make Hardhome look like child's playPatient details being sold on the darknet points to a 'troubling trend in the future'Apple's upcoming iPhone 8 might come without Touch ID, and I'm worriedLindsay Lohan just wants everyone to stop bullying Trump What's up with Twitter's sports explore tab? Prenatal genetic testing can raise as many questions as it answers Watch a reporter's close call with a lightning strike on camera Mr. B the enormous cat has found a new home Nicki Minaj posts powerful tweets about abusive relationships Uber driver plays his own 'Old Town Road' remix dedicated to his cat Find My app may have saved the life of a car The 9 biggest tech deaths of 2022 Can I get paid if my flight is cancelled or delayed? Are you about to not be stressed out? Check your Apple Watch. 'Quordle' today: See each 'Quordle' answer and hints for January 4 Wordle today: Here's the answer, hints for January 1 Andrew Tate detained in Romania on rape and human trafficking charges Elon Musk says Twitter view count will soon be optional Youth pastors are deeply uncool, but this TikTok priest is leaning into it Apple Watch feature faces accusations of racial bias in new lawsuit American Girl releases first South Asian Girl of the Year doll Hugh Grant demolished PM Boris Johnson in a gloriously savage tweet 17 times parents helped their kids cheat the system 'Quordle' today: See each 'Quordle' answer and hints for January 2
3.0149s , 10137.234375 kb
Copyright © 2025 Powered by 【Room Girls Sex Skill】,Pursuit Information Network