Hackers have real massage sex videodiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
A hedgehog blown up 'like a beach ball' was popped in life
Apple and Facebook could be asked by Australia to build tools to get around encryption
Flower power: Woman creates elaborate works of art only using plants
Google's Project Bloks designed to get kids programming early
Best GPU deal: Get the MSI RTX 5080 for $1,249.99 at Best Buy
Instagram users are reporting the same bizarre hack
Here's what more than 400 electric guitars trying to break a world record sounds like
Farmers are now using literal lasers to scare birds away from their crops
The Year in Tech: 2014 Top Stories
Farmers are now using literal lasers to scare birds away from their crops
Clean energy projects soared in 2016 as solar and wind got cheaper
'Crazy Rich Asians' already has 100% on Rotten Tomatoes
This may be the worst flub in game show history
China's Taobao sells 'breakup insurance' for Taylor Swift's love life
How I met my partner on X/Twitter
China's Taobao sells 'breakup insurance' for Taylor Swift's love life
All the post
China's Taobao sells 'breakup insurance' for Taylor Swift's love life
The Portable Workstation: Dell XPS 13 + 32 UltraSharp 4K Monitor
All 20 Marvel Cinematic Universe movies are coming to IMAX
Apple's AirPower is canceled, but at least we have these memesWell, that incredible optical illusion at the Louvre has been destroyed by the publicTwitter's new dark mode is actually black and it's gloriousAmazon reportedly plans to launch Prime, Amazon Fresh in SingaporeWatch a wiggly baby rhino take its very first bathThe Humm.ly app uses music to tune out stressful thoughtsWoman sexually assaulted by Brock Turner shares emotional essay about being a survivorWoman sexually assaulted by Brock Turner shares emotional essay about being a survivorWhat is going on with Lindsay Lohan's bizarre accent?The r/Games subreddit is closed to make users rethink spreading hateNew 'Game of Thrones' images are all about Daenerys TargaryenNew video imagines a scary day in the life of Trump's AmericaThe bunnies in Jordan Peele's 'Us' are ruining Easter for peopleApple officially cancels AirPower wireless charging mat100% pure UPS guy takes selfies with all the neighborhood dogsFacebook makes vague noises about 'restrictions' on live video after tragedyNew video imagines a scary day in the life of Trump's AmericaWatch this shark swim right below surfers like its NBDAlton Sterling's son spent his 16th birthday with Kanye West and Kim KardashianApple's AirPower is canceled, but at least we have these memes This adorable third grade class just dropped the best 'Old Town Road' remix How Google is helping scammers via Google Sites 'Quordle' today: See each 'Quordle' answer and hints for October 29 'Bring Your Kids to Work Day' didn't go so well for Sarah Huckabee Sanders Teacher warns students not to spoil 'Avengers: Endgame' with fantastic note The new Call of Duty sees players assassinate a totally Private Twitter accounts vs. Twitter Circles: Which is a more useful tool? Terrified Londoner live 12 gifts for people who need to organize their tech Chase bank tried to be relatable on Twitter and got absolutely dunked on Poynter takes down database meant to spotlight fake news and biased sources Elon Musk suggests bringing back Vine, asks MrBeast for ideas Congressman brings bucket of chicken to hearing after Barr doesn't show People are sharing videos and pictures of their college professors being ridiculous Twitter might let users put videos behind a paywall Why Thursday's 'Superstore' is part of a pivotal Hollywood moment It turns out purposely messing with your targeted ads isn't a good idea 'Quordle' today: See each 'Quordle' answer and hints for November 2 ACLU says ICE and CBP searching electronics violates the Constitution Crypto exchange Deribit loses $28 million in a hack
3.2477s , 8611.234375 kb
Copyright © 2025 Powered by 【real massage sex video】,Steady Information Network