Hackers have boogie nights eroticismdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Golden State Warriors vs. Los Angeles Lakers 2025 livestream: Watch NBA online
Police and kids dancing at Manchester concert becomes a symbol of defiance
Trump Twitter bot reminds us that all his tweets are coming from the White House
Hackers reportedly leaked eight episodes of Steve Harvey's unaired 'Funderdome'
Best free ChatGPT courses
Google Home outages reported as AI becomes even more important
Very determined man mows the grass as a tornado swirls nearby
Pussyhat Project cofounder launches the next big craftivism effort of the resistance
Boston Celtics vs. Dallas Mavericks 2025 livestream: Watch NBA online
Watch these celebrities kick off Immigrant Heritage Month in a powerful new video
Best LG B4 OLED TV deal: Save $200 at Best Buy
Apple will soon block autoplay videos and data tracking in Safari
Meet the 15
5 reasons Ariana Grande would make an excellent Prime Minister
Best GPU deal: Get the MSI RTX 5080 for $1,249.99 at Best Buy
Dramatic photo of Saturn shows off a tiny moon floating in the distance
Somewhere out there is a lost hip
Yeah, the Tinder pick up line from Master of None? It probably won't work for you.
The Best Sports Video Game of All Time
People are pretending the floor is lava and no, you haven't traveled back in time
Amazon Big Spring Sale 2025: Best air purifier deals from Dyson, Shark, LG, and moreStop Preordering Video GamesUGREEN Nexode 25000mAh 200W power bank drops to $79.99 at AmazonBest Bluetooth tracker deal: Save 29% on the Tile by Life360 Essentials bundleComparing Team Communication Apps: What Do You Get for Free?Best robot vacuum deal from the Amazon Big Spring SaleNintendo Switch 2 release date, price announcedAuburn vs. Creighton 2025 livestream: How to watch March Madness for freeTrump delays TikTok ban for another 75 daysStop Preordering Video GamesIs 'Sing Sing' streaming? How to watch the A24 drama at home.Amazon Big Spring Sale 2025: Best Apple deals on iPads, MacBooks, and more still live5 Affordable LastSunday's Fat Bear Week match pits two fat favorites against each otherAmazon Big Spring Sale 2025: Best portable speaker dealBestway HydroFinal Fantasy XV Mega CPU BattleNew Zealand will ban plastic bags for goodAcupuncture for pets is on the riseBest travel deal: Score the Frontier Go Wild! summer pass for just $399 Ring watched kids trick or treat and then bragged about it Facebook is testing encrypted video and audio calls Lovable prankster helps cats get adopted by giving them relatable name tags 'The Social Network' writer Aaron Sorkin rips Mark Zuckerberg in open letter Facebook leaves no doubt: It's the right wing's social network now Which new streaming service should you subscribe to? None of them The enduring excellence of 'Event Horizon,' a true Halloween fave Cops help 10 J.K. Rowling has the best response to Trump's non This egg inside another egg is a perfect YouTube specimen Donald Trump's company is hoarding thousands of website domains Waitress evicts huge, pesky goanna that snuck into her restaurant David Harbour cannot say this 1 simple word in hilarious 'Stranger Things' blooper Holiday takes an anti 9 creepy tech gadgets spookier than a Halloween movie 'Terminator: Dark Fate' is a robotic rehash: Movie review The new Microsoft Edge browser logo sure does look familiar Facebook proves once again that no scandal is big enough to really matter AirPods Pro and Android: Is it worth it? IKEA releases plans for a spherical garden you can build with tons of plywood and lots of patience
1.2235s , 10194.90625 kb
Copyright © 2025 Powered by 【boogie nights eroticism】,Steady Information Network