Hackers have moji eroticismdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
11 Tech Products That Were Supposed to Fail... But Didn't
Taylor Swift fans call 'Ginny & Georgia' joke misogynistic
World's strongest man casually bends frying pan, lifts BBC presenter over his head
Barack Obama's letters to a college girlfriend are finally seeing the light of day
E3 2017 Trailer Roundup: Upcoming PC Games
iPhone 13 rumors suggest smaller notches, bigger battery
WhatsApp's desktop app is finally getting voice and video calls. There's just one catch.
Amazon changes app icon again, ditching that problematic 'mustache'
New 'browser syncjacking' cyberattack lets hackers take over your computer via Chrome
'The Climb 2' is a thrilling VR free solo adventure that doubles as an arm workout
Apple's newest ad makes a haunting plea to take climate change seriously
The Yoto Player puts kids in charge of story time
Ariana Grande kneels on very tiny stool, becomes very big meme
5 places to play free online math games for kids and adults
Trump praises storm response as historic disaster unfolds in Houston
Oh my gosh, Blac Chyna is suing the entire Kardashian
'Things' app review: A smart tool to help you get things done
Why "WandaVision" hits so hard during the isolated grief of a pandemic
Miami Heat vs. Brooklyn Nets 2025 livestream: Watch NBA online
'Things' app review: A smart tool to help you get things done
New photo shows stellar life and death thousands of lightFor 17 hours, Dallas PD called an innocent man a suspectLlama drama: A few woolly friends might snarl Tour de France routeYes, Michael Jackson really was on 'The Simpsons'You won't want to put this twoDoes Louis C.K. deserve a comeback? Evidently, it doesn't matter.President Trump forced to unblock dozens of Twitter users after court rulingGoogle Assistant can now understand two different languages at onceGoogle's Android One program is an evolution of the Nexus initiativeLana Condor shares adorable story about 'To All The Boys...' coHuawei embraces sliding phones with Honor Magic 2Sony's 1000XM3 noiseBalenciaga's $9,000 coat is pretty much a bunch of jackets on top of each otherWest Bengal asks colleges to have separate toilets for transgendersDisney emojis are about to become a part of your worldHalle Berry has something to say about young Prince Harry's dorm poster of herRescued baby beaver takes a dip in the poolSteven Universe is the best kid's cartoon for adult audiences, periodOur first look at the flagship 2018 iPhones is hereStormzy encourages the UK not to ignore U.S. police violence Best charger deal: Get a Spigen charger for a record NYT Connections Sports Edition hints and answers for May 14: Tips to solve Connections #233 Narwal Freo Z10: $200 off at Amazon Best Android tablet deal: Save $70 on the Samsung Galaxy Tab A9+ Best security camera deal: Get a Google Nest Security Cam for its lowest price yet Is TikTok down? [May 2025] 4K TV deal: The LG 55 How Android 16 will fight scams for you Best power station deal: Save $330 on Jackery Solar Generator Explorer 500 Best Apple deal: Save $70 on Apple Watch Series 10 (GPS, 46mm) Apple finally rolls out CarPlay Ultra — with a catch Espanyol vs. Barcelona 2025 livestream: Watch La Liga for free 'Andor' season 2 finale, explained Sony launches new flagship XM6 headphones: Order them now Acer Chromebook 516 GE deal: Get it for just $450 Summer TV preview: All the TV shows you need to know, and where to stream them Best Apple deal: Save $19 on AirTag 4 Google's AI Mode is reportedly hitting the homepage Lego Classic Creative Brick Box: $17.99 at Amazon Philips now allows customers to 3D print replacement parts
3.0743s , 8287.1171875 kb
Copyright © 2025 Powered by 【moji eroticism】,New Knowledge Information Network