Set as Homepage - Add to Favorites

【softscreams.com eroticism of hinduism】

Source:New Knowledge Information Network Editor:Social Good Time:2025-06-27 01:36:25

Hackers have softscreams.com eroticism of hinduismdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.

A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."

Chrome profile takeover

At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.

Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.

When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Chrome browser takeover

The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.

Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.

After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.

Device takeover

The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.

Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.

What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.

As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.

Featured Video For You
DeepSeek's privacy policy isn't so private

Topics Cybersecurity Google

Previous:Best GPU deal: Get the MSI RTX 5080 for $1,249.99 at Best Buy

Next:How to survive Valentine's Day when you're heartbroken

Related Articles
Related Recommendations
Categories
Latest Articles
Popular Articles
Hot Recommendations
Featured Column

Quick Links

Somebody bid $15k on a bottle signed by waterElon Musk has deployed Boring Co., SpaceX team to help save Thai kidsHBO's 'Sharp Objects' is a mustThe ultimate MashReads guide to summer readingSony mistakenly uploads entire movie on YouTube for free5 children's books about immigrant and refugees every kid should read3 women hailed as heroes after thwarting alleged date rape attemptDad shares what it's like to stay at home with kids and it's not prettyNetflix is removing written user reviews5 children's books about immigrant and refugees every kid should readWorld Cup presenter's delirious reaction to England winning on penalties is everythingKeri Russell may be joining the cast of 'Star Wars: Episode IX'Elon Musk building 'kidYelp can't be forced to delete your terrible, mean comments, court rulesRubio apologized to Trump for implying he had a small penisSony mistakenly uploads entire movie on YouTube for freeSuperbug resistant to lastApple Music is beating Spotify in the US with more subscribersSouthern Lights come to life in video from International Space StationDad shares what it's like to stay at home with kids and it's not pretty 'Wordle' today: Here's the answer, hints for May 8 Trump's Nike tweet proves you should never ask a rhetorical question on Twitter Which iPhone models are obsolete? Clearview AI's creepy facial Elon Musk changes Twitter avatar to Bored Ape NFTs 'Wordle' today: Here's the answer, hints for May 11 Tesla might stop taking orders for some models amid huge demand Free Comic Book Day is here, so here's all the free comics you can grab BBC presenter's family pay hugely loving Twitter tribute following her death How Naomi Osaka uses meditation to boost her mental health Starlink's Portability feature lets you take your internet with you 'Doctor Strange in the Multiverse of Madness' mid Brett Kavanaugh snubs Parkland victim's father at Senate confirmation hearing Watch this chill lion climb aboard a safari vehicle full of tourists Steve Bannon disinvited from New Yorker Festival after outrage Scenes of joy as India finally decriminalises gay sex Elon Musk might become temporary Twitter CEO Sophie Turner and Joe Jonas perform fake makeout session for the cameras and yeah it's a lot Review: YSL's custom lipstick maker is impressive, but pricey Nike makes Colin Kaepernick one of the faces of its 'Just Do It' campaign

3.5412s , 10195.0234375 kb

Copyright © 2025 Powered by 【softscreams.com eroticism of hinduism】,New Knowledge Information Network  

Sitemap

Top

Quick Links