Hackers have enemas for eroticismdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Cibao FC vs. Guadalajara 2025 livestream: Watch Concacaf Champions Cup for free
India's latest ban has Twitter in uproar
A personal thank you to the people who Snapchat their entire concert experience
All the terrible April Fools pranks brands want you to laugh at this year
A hedgehog blown up 'like a beach ball' was popped in life
Your internet privacy is gone and more sad news in podcast form
The New York Post's push alerts just got real dark
10 simple pranks for April Fools' Day
Best GPU deal: GIGABYTE NVIDIA GeForce RTX 5080 is $1,349.99 at Best Buy
15 crayon colors inspired by 2017 that Crayola can have for free
Apple is advertising on Elon Musk's X again
This super bizarre George Foreman tweet contains multitudes
John Oliver goes after Devin Nunes because it's about damn time
George Takei joked about running for Congress but we want it to be real
Elon Musk's DOGE.gov website can apparently be edited by anyone
Reddit's blank canvas experiment draws thousands together for epic battle
Neil deGrasse Tyson isn't riding SpaceX to Mars until Elon Musk answers this challenge
Airlines launch smart workarounds for electronics ban
Trump's foreign aid freeze halts funding for digital diplomacy bureau
J.K. Rowling has some heartfelt, uplifting advice for budding writers
Incarnadine, the Bloody Red of Fashionable Cosmetics and Shakespearean PoeticsHow VSCO evolved after a viral, eponymous trendWhere to Score: Classified Ads from HaightLooking for tax advice on TikTok? Beware of #TaxTok recommendations.Best pizza oven deals: Pizza ovens on sale for Pi DayDavid Lynch’s Night TruthsApple Black Friday deal is all about gift cardsThe best Black Friday Vitamix deals on blenders and full system, plus more blender dealsThe Last Tattooed Women of KalingaBuy High, Sell Cheap: An Interview with Alejandro JodorowskyThe best Black Friday Instant Pot deals for 2023Crossing OverCooking with Alexandre Dumas9 Black Friday air fryer deals: Instant Pot Vortex, moreThe Time for Art Is NowPoetry Rx: Lost Work, Paralysis, and Gun Laws2018 Whiting Awards: Antoinette Nwandu, DramaMoon phase and astrology compatibility explainedBuy High, Sell Cheap: An Interview with Alejandro Jodorowsky80+ Black Friday Apple deals: AirPods Pro are $169 Next iPhone might be able to wirelessly charge some Apple accessories Miley Cyrus celebrates 'Hannah Montana' anniversary with cute throwback photo MoviePass co America can literally run on Dunkin' with these new shoes Lupita Nyong'o and the stars of 'Us' rap about their characters: Watch 9 Vines that pretty much sum up what life is like in Australia Hillary Clinton's email nightmare resurfaces with 11 days to go Kylie Jenner's 'Dirrty' Christina Aguilera costume is pop culture perfection Amy Poehler would be totally up for a 'Parks and Recreation' revival Europe's first underwater restaurant resembles a shipwrecked monolith Women are sharing their experiences of receiving unsolicited advances from men Jaunt turns old gas cars into electric vehicles for road adventures Hold up, this tiny Beyoncé superfan has the cutest Halloween costume 'Us' nabs a $71.1 million opening weekend, one of horror's best ever Instagram artist brings weird seltzer water flavor fantasies to life Genius bong manufacturer loses Starbucks lawsuit The most beautiful, luxurious presidential endorsements infographic you will see today The rumored disc Western states accept their drought Girl who is way too young to watch primetime TV nails 'Walking Dead' costume
1.3867s , 8287.2109375 kb
Copyright © 2025 Powered by 【enemas for eroticism】,Wisdom Convergence Information Network