Hackers have george bataille eroticismdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
SpaceX is so close to turning its rocket headquarters into an actual city
Spring raises $65 million to fund a shopping mall on your smartphone
Netflix's new series is definitely going to make you paranoid about dating apps
This village in Indonesia is literally made out of rainbows
Swole Jeff Bezos joins Instagram to tease his new ROCKET FACTORY
Steve Harvey does NOT want anyone coming into his dressing room
Homeowner sues Zillow for allegedly undervaluing her home
First look at Windows Story Remix, the app that turns anyone into a Hollywood director
Best AirPods deal: Apple AirPods 4 for $99.99 at Amazon
Houston Rockets' kiss cam told one fan exactly where he stood with his friend
Blockchain Explained: How It Works, Who Cares and What Its Future May Hold
Steve Harvey does NOT want anyone coming into his dressing room
A major clue has us thinking 'Game of Thrones' trailer will be arriving very, very soon
Magic Leap CEO tweets out a call to developers for secret program
Amazon CEO tries to sell kids on working on the moon
Donald Trump slams 'no
Google's chat app Allo takes Bitmoji to the next level
First Hydra took Captain America, now they're taking the White House
NYT Connections Sports Edition hints and answers for January 28: Tips to solve Connections #127
We are what we wear — and that matters a lot in job interviews
Curious Punishments by Sadie SteinA Brief History of the Snowball Fight by Sadie SteinThe Morning News Roundup for February 17, 2014The Morning News Roundup for February 13, 2014Candlemas Day by Sadie SteinThe Paris Review and WikipediaWriters Remember Ronald ReaganRecapping Dante: Your MidRiver of Fundament by Andy BattagliaLast Chance to Subscribe to the Dual Paris Review and McSweeney’s Subscription DealWhat We’re Loving: Being Stranded, Being Stoned, Krumping by The Paris ReviewOur New Year’s Resolution: Stop Watching So Much Fucking TV by Dan PiepenbringOur Candy Print Makes the Perfect Valentine’s Day GiftVisible Man: An Interview with Mitchell S. Jackson by Tim SmallThe Morning News Roundup for February 12, 2014The Morning News Roundup for February 11, 2014I Hung Out at William Burroughs’s House When I Was NineteenAnnouncing The Paris Review’s 2014 Spring RevelSadie Stein on Decorator Dorothy DraperSadie Stein on R. S. Thomas’s poem “Luminary” Foxconn in talks with TSMC and TMH to build fabrication units in India · TechNode Automaker Smart plans to raise $250 Temasek China chief says AI companies in the A Toyota China issues door handle recall for bZ3 EVs co Mazda forecasts “tough” competition to worsen near China extends EV tax exemption until end of 2027 · TechNode Alibaba’s logistic arm Cainiao launches next Apple expands sales reach in China with launch of mini Alibaba’s intelligent services subsidiary launches new product to serve e AliExpress partners with PingPong to provide cross Court date set for NetEase and Blizzard’s $43.5 million compensation case · TechNode China to take “inclusive and prudent” attitude on ChatGPT Shop early Prime Day deals on Ninja kitchen appliances Nothing Phone (2) debuts in the US with transparent design · TechNode Geely and Renault partner to develop gasoline engines and hybrid technology · TechNode BYD's Atto 3 becomes first Chinese EV to receive Japan’s governmental grant · TechNode Understanding Machine Code vs. Bytecode Baidu launches SynClub, a social network populated by "AI friends" · TechNode Girl's wild frozen hair shows the power of the polar vortex China's biggest chip foundry SMIC appoints Liu Xunfeng as new chair · TechNode
2.5962s , 8287.2890625 kb
Copyright © 2025 Powered by 【george bataille eroticism】,Feast Information Network