Hackers have Cumshot | Adult Movies Onlinediscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Shop Owala's Memorial Day Sale for 30% off tumblers
Instagram redesigns home screen to showcase Reels, Shopping
How to start a climate strike at your school
Twitter launches its own version of Stories, calls it Fleets
Best robot vacuum deal: Get the Shark Matrix Plus 2
PS5 'Spider
PS5 'Spider
Golfer skims ball across a lake to sink ridiculously impressive hole
Stop Preordering Video Games
Google Photos is ending unlimited storage and people are not happy
Best Garmin deal: Save over $100 on Garmin Forerunner 955
Google's VR app Expeditions is going away, but it's not bad news
5 important details you may have missed from Apple's November event
Paul Lieberstein on playing Toby Flenderson and how 'The Office' taught him to act
Best Apple TV+ deal: Get 3 months for $2.99 monthly
Got a PlayStation 5? Here are the first settings you need to tweak.
UK politicians hold a tearful vigil for a clock because they clearly have nothing better to do
We're at a crossroads for free speech online, and it could change the internet as we know it
Trump's DEI keyword crusade hits the country's defense archives
A beginner's guide to urban foraging
Ham ice cream is the newest thing that no one asked forToyota restarts selfToyota restarts selfAttorney General Eric Schneiderman accused of sexual assault, resigns'God of War' sales break records for the PlayStation 4What to expect at Google I/O: Android P, Google Assistant, lots of AIEcoflow releases River Bank, world's most powerful charging stationDear Facebook: Please let me make my Facebook Spaces VR avatar fatWhat to expect at Google I/O: Android P, Google Assistant, lots of AIHawaii is the first US state to ban sunscreens harmful to coral reefsUK data regulator tells Cambridge Analytica to hand over user's data, or elseFacial recognition is coming to TicketMaster eventsRyan Reynolds wants a DeadpoolNew pickle ice cream isn't exactly what you think it isSorry, but those 'Inbetweeners' series 4 rumours aren't trueElon Musk DGAF what anyone thinks of himDoesn't a long list of kids dressing up as old people sound great right now?What to expect at Google I/O: Android P, Google Assistant, lots of AIUltimate 'Star Wars' fan runs Darth VaderYou might not like this botanist's detailed explanation of Baby Groot's biology Hey, Look, Everyone—It’s the Medieval Wound Man! No Work Today: Paintings by Parra In Memoriam: William Christenberry’s South I Will Pass Through This: Solace and Inspiration from Writers The Silent Now Online: “Marie,” a Short Story by Edward P. Jones A Letter from Allen Ginsberg Corrects the Record on LSD Gift Idea: Victorian Christmas Cards with Dead Birds Having Trouble Sleeping? Read This From the Archive: Writers to Put Their Finger on What Inspires Them Nine Paintings by Nicholas Krushenick Imagining “Heart of Darkness” As a Building Here’s Some Unusually Relevant Trollope for Election Night Does Your Wine Bottle Need a Short Story on It? (Hint: No) A Comics Adaptation of Sigizmund Krzhizhanovsky Wave Phenomena: Paintings by Ara Peterson Introducing the NYRB Classics + Paris Review Book Club From the Archive: Who’s This “Borges” Guy, Anyway? A Century Later, Clues in the Boston Molasses Disaster What Our Writers Are Reading This Month
1.5593s , 10134.6015625 kb
Copyright © 2025 Powered by 【Cumshot | Adult Movies Online】,Defense Information Network