Hackers have homo eroticism in literaturediscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Best robot vacuum deal: Save $350 on the Eufy X10 Pro Omni
Best kitchen deal: Smart tea kettle deal
Shop our favorite iPad for reading for just $379.99
Apple's iPhone will finally stop cutting off your music while taking a video
Early Prime Day deals on self
'Stray' coming to Nintendo Switch this November
Best camera deals: Snap a picture with the best camera deals this week
NYT Strands hints, answers for August 8
Man City vs. Real Madrid 2025 livestream: Watch Champions League for free
Legion Go Lite: Lenovo appears to accidentally leak new Steam Deck rival
Precursors to Today's Technology: These Products Had the Right Vision
A violent event occurred on Alaska's fat bear livestream
Best headphones and earbuds deals: Shop Sony, Bose, and Apple
TikTok Spotlight is a new in
NYT Connections hints and answers for February 1: Tips to solve 'Connections' #601.
'False, misleading and damaging': Microsoft slams Delta for CrowdStrike outage blame
Best kitchen deal: Smart tea kettle deal
NYT Strands hints, answers for August 6
Blockchain Explained: How It Works, Who Cares and What Its Future May Hold
Cash App settlement: How to claim up to $2,500 if you're eligible
Elon Musk's army of inactive followers paints a bleak picture of X as a wholeThe Morning News Roundup for July 25, 2014Where to buy vaccine card holdersRon Watkins said he had election fraud evidence. Instead he sent QAnon believers spam.David Lynch, Hiding in Plain Sight'Ice Planet Barbarians' review: The TikTok alien porn book deliversThe Golden West: An Interview with Daniel FuchsGod, Olivia Rodrigo's 'SOUR' merch is brutalWordle today: Here's the answer and hints for August 22A Blackpink experience arrives in Roblox on Aug. 25The Morning News Roundup for July 23, 2014The Best MedicineBest speaker deal: JBL Boombox 3 on sale for 20% off at AmazonOlder Twitter posts get effectively wiped out by X photo glitchThe Best Medicine'Quordle' today: See each 'Quordle' answer and hints for August 22, 2023On TikTok, being 'written by a woman' is the ultimate complimentWomen’s World Cup 2023 final livestream: How to watch England vs Spain for freeUSDA announces $667 million ReConnect Program for rural internet accessGoogle dedicates its Doodle to getting people Covid vaccines The best films on Hulu China’s private space company LandSpace launches first liquid oxygen Best Echo deals: Grab an Echo Pop and smart color bulb bundle for $30 off Satellite images of Earth taken from an angle show the world in new beauty Hubsan unveils cut Beyoncé's 'Cowboy Carter': social media reactions How to cancel your Spotify Premium subscription How to setup and use Apple Pay OpenAI previews Voice Engine, synthetic voice creator Rhino experts are not expecting to save threatened species with IVF Foxconn in talks with TSMC and TMH to build fabrication units in India · TechNode How to watch 'Wish': Disney's latest is streaming in 2024 NYT's The Mini crossword answers for March 30 Geely and Renault partner to develop gasoline engines and hybrid technology · TechNode Platypus milk aids fight against antibiotic resistance, report says Toyota to sell hydrogen Saudi Arabia signs $200bn solar deal with Japan's SoftBank Intel launches Habana Gaudi 2 deep learning accelerator card for Chinese market · TechNode Floorcare deals at Amazon: Up to 33% off Shark and Bissel TikTok is more mindfulness
3.1334s , 8288.234375 kb
Copyright © 2025 Powered by 【homo eroticism in literature】,Feast Information Network