Hackers have eroticism moviesdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
The Steam Machine: What Went Wrong
The enduring excellence of 'Event Horizon,' a true Halloween fave
Apple pulls iOS 13.2 update for HomePods after bricking devices
Trump cyber czar Rudy Giuliani had to visit an Apple Store to unlock his iPhone
In Paris Agreement speech, Trump never acknowledged the reality of global warming
'The Last Jedi' Part 2: New Star Wars novel reveals what came next for the Resistance
Gift bag meant for Oscar nominees includes a pelvic floor exercise tracker
Uber CEO's memo on diversity could use a fact checker
Best free gift card deal: Get $10 Best Buy gift card with $100 Apple gift card
Facebook leaves no doubt: It's the right wing's social network now
Internet for All
Papa John's jack
8chan returns with a new name and a reminder not to do illegal stuff
Netflix's 'Fire in Paradise' offers sobering look at wildfires: Review
Trump who? Tech giants join massive effort to uphold Paris Agreement
Blizzard president apologizes for 'failure' in Hong Kong debacle
9 'Game of Thrones' ancestors who might star in 'House of the Dragon'
Reese Witherspoon, Mindy Kaling and Oprah Winfrey are having a blast in New Zealand
Assassin's Creed Origins: How Heavy is It on Your CPU?
8chan returns with a new name and a reminder not to do illegal stuff
Lawmaker filmed using the nApril the giraffe is pregnant again, and we're already tiredDetermined girl refuses to let wisdom teeth surgery keep her from BeyoncéFears of Clippy the paperclip resurface after Microsoft buys LinkedInArya Stark's miraculous recovery did not convince a cynical InternetArya Stark TAustralian music festival criticised for including only one woman in lineupArya Stark's miraculous recovery did not convince a cynical InternetGoogle Chrome is labeling any website not using HTTPS as "not secure"10 years later, a look back at 'Step Brothers'The best ambient noise websites for when you need a breatherYouTube is making hashtags more visible — but it’s still missing the pointMars is brighter than it has been in years. Here's how to see it.'Rick and Morty' coeBay will begin rolling out Apple Pay this fallHow to curate a great summer party playlist9 things you need to know about how to behave around assistance dogs'Game of Thrones' final season coming in first half of 2019Hillary Clinton guest spot on 'Madam Secretary' hyped with epic photoThe English rose is this summer's hottest men's grooming look 5 movies we're looking forward to in 2017 Sylvester Stallone isn't being too sly about this 'Rocky' villain's return Alleged hackers behind NotPetya demand $260,000 bitcoin ransom Everyone calm down: Ed Sheeran isn't quitting Twitter Viral NYC subway photo shows America at its best Trump posts body slam video after defending his "modern presidential" Twitter claim Fair warning, body 5 sports storylines we can't wait to see unfold through the rest of 2017 Patient details being sold on the darknet points to a 'troubling trend in the future' 'Destiny 2' introduces a new raid with a very specific focus Cosplayers dress up as a literal video game menu and it's amazing Apple 2017 5K iMac 27 Blizzard reveals what Doomfist has been up to in 'Overwatch' Thomas crawling out of his tank engine will haunt your dreams A dark web marketplace went down, and oh boy did its customers freak out Woman snaps a casual selfie while her sister gives birth in the background The internet has a lot to say about the 'Stay Woke' category on 'Jeopardy!' NPR tweeted the Declaration of Independence; Trump supporters got mad So long, paper tickets. Ticketmaster will soon let you check into events with a quick tap and go Giant iceberg poised to break off Antarctica is the size of Delaware
1.8175s , 10194.921875 kb
Copyright © 2025 Powered by 【eroticism movies】,Feast Information Network