Hackers have homemade taboo sex videosdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Even Trump's Earth Day message was anti
Rich guy Leo DiCaprio surrenders priceless art in wake of embezzlement scandal
Jay Z has officially changed his name
9 of the most hilariously British reactions to the heat wave
Best GPU deal: GIGABYTE NVIDIA GeForce RTX 5080 is $1,349.99 at Best Buy
Snapchat says it is 'actively going after' political ads as revenue
How to cut ties with fast fashion when you really, really love clothes
Uber finally, finally adds tipping
How to quit social media: This Gen Z
Tyra Banks' son has mastered the art of 'smizing' in his first Instagram pic
Great white shark leaps into tiny boat, fisherman treats it like NBD
TV news reporter dies after being ejected from Revel moped
This dead hacker's account could be the key to the big Twitter hack
Uber jumps through hoops to keep drivers 'independent contractors'
Google's data center raises the stakes in this state's 'water wars'
Michelle Obama's latest Instagram post gives new meaning to squad goals
11 adorable twins to follow on Instagram if you can't get enough of Beyoncé's bey
Tinder and Delta want to help you pretend to be a world traveler on your dating profile
Best external hard drive deal:WD 5TB Elements for $114.99
Woman replaces her family photos with photos of her dog and it's genius
The Morning News Roundup for August 11, 2014The Morning News Roundup for August 5, 2014Danny DeVito gets his Twitter checkmark back after being temporarily unverifiedRepublican primary debate: How to factThe TikTok controversy over collecting human bones, explainedFitbit announces its new Charge 5 fitness trackerBest video game deals: Get a free video game with purchase at Amazon or Best BuyWhat does endemic mean for COVID?I’ve Got a SecretWordle today: Here's the answer and hints for August 24Facebook buried a report on popular posts. So much for transparency.Bama rush TikToks are huge, but so are takedowns of sorority cultureThe Morning News Roundup for August 6, 2014I’ve Got a SecretThe Morning News Roundup for July 31, 2014Common MisconceptionXbox Series X console wraps: Preorder info, price, release datesPlayStation Portal: Price, specs, and release dateRead Everywhere by The Paris ReviewSisyphus puns are on a roll on Twitter 'The Idol' episode 2: The most WTF scenes from 'Double Fantasy' The Library Fire: An Interview with Susan Orlean by Brent Katz The Smell of Dawn by Nina MacLaughlin Virginia Woolf’s Little Best Cyber Monday laptop deals 2023 from Apple, Best Buy, Dell, and more Can Blackpink's Jennie save 'The Idol' from itself? How I learned to embrace my blushing Cyber Monday streaming deal: 15% off Disney+ gift cards Best Cyber Monday iPad deals 2023: Still live Staff Picks: Shirkers, Sculptors, and Space Ghosts by The Paris Review The Draw of the Gothic by Sarah Perry Relive Taylor Swift's many eras at the Museum of Arts and Design Will there be a song of the summer? Spotify thinks so. “Why Do You Write Political Stories?” by Nana Kwame Adjei Donald Trump has been indicted again, and he's mad about it Staff Picks: Cameras, Colonnades, and Countesses by The Paris Review 80+ Cyber Monday Apple deals: AirPods Pro are $169 My Younger Brother Spreads His Palms, Maple Leaves: Yukio Mishima’s Haiku by Hiroaki Sato Google Drive: Users are reporting that their files have disappeared 15+ Cyber Monday 2023 Chromebook deals at Best Buy
1.9636s , 10520.53125 kb
Copyright © 2025 Powered by 【homemade taboo sex videos】,Steady Information Network