Hackers have filme erotice cu travestitidiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Tips for Playing PlayerUnknown's Battlegrounds
Every artwork to look out for in Beyoncé and Jay
Shut the f*ck up, Marco Rubio
Extreme volcanic eruptions may explain odd rock formation on Mars
Elon Musk told Donald Trump what to do about the Paris Climate Agreement
AT&T's acquisition of Time Warner is bad news
World Cup opening game proved a little tricky for people with colour blindness
Grimes is here to actually make you feel good about owning a Mac
Optogenetics: A Virtual Reality System for Controlling Living Cells
Refugee numbers at a 'record high' — here's how to fix that
Clean energy projects soared in 2016 as solar and wind got cheaper
Shane is returning to 'The Walking Dead'
Millie Bobby Brown shuts down bullies in no
Man casually rocks up to 'Incredibles 2' dressed as Frozone, yells the perfect quote
Trump says he represents Pittsburgh, not Paris, but, um, well...
Instagram will shame you when you've wasted too much time in the app
This country's prime minister intervened because people couldn't watch the World Cup
Amazon Prime finally launches in Australia, at half the U.S. price
Meta says some AGI systems are too risky to release
Shut the f*ck up, Marco Rubio
Trump thinks the food at MarMaster & Dynamic MW07 Plus wireless earbuds reviewHot Wheels unveils $400 remoteNew Apple patent is another hint that it may ditch iPhone's Lightning PortKatherine Johnson, NASA mathematician and subject of 'Hidden Figures,' dead at 101Keith Olbermann absolutely unleashes on President Trump, calls him 'President Jackass'Google Images will now give you fashion suggestionsGoogle Images will now give you fashion suggestionsNobody can figure out what this guy's promposal sign saysAntarctica's recordWatch Tesla's Cybertruck live its best life as an esports chauffeurHuawei's new foldable phone costs $2,700—and doesn't come with Google appsUber drivers could be employees... in BrazilGoogle searches for 'face mask' hit allTeslas are now smart enough to avoid McAfee's selfA Japanese company has invented sliced mayo and I want to try itPixar's 'Onward' brings weird, wonderful magic to adulthood: ReviewWild horse attacks alligator because nature is brutal. Also, Florida.Hot Wheels unveils $400 remotePixar's 'Onward' brings weird, wonderful magic to adulthood: Review Grammys 2017: 5 things to know about this year's nominees Eric Berry's poignant homecoming is this week's feel Drones capture first wintry wonderland weekend in the Midwest New animated short film reveals the anxiety and stigma of 'flying while fat' Dolly Parton's generosity continues with telethon for Tennessee fire victims 'The Last Guardian' is a half School district removes 'Huckleberry Finn' after complaint over racial slurs Chrissy Treigen is the official celebrity holiday pun of 2016 No, Netflix's ‘The Crown’ isn’t about feminism. It doesn’t have to be. So, that happened: Al Gore meets with Donald and Ivanka Trump on climate Burgers and burritos come together because goodness exists in the world 'Rogue One' director justifies reshoots: 'Star Wars has to be fantastic' Uber's artificial intelligence ambitions just got bigger Sticky tape playground is probably the most fun art installation ever These were the world's 10 most popular sports tweets of 2016 Justin Trudeau has worked his way back into our hearts Life's a beach: Australia's top 10 beaches named in new study 'Westworld' could be even better than 'Lost' in Season 2 Get thee to a TV and watch Russell Westbrook play NBA basketball Chapecoense awarded Copa Sudamericana title one week after devastating plane crash
3.1822s , 8287.2265625 kb
Copyright © 2025 Powered by 【filme erotice cu travestiti】,New Knowledge Information Network