Hackers have video call sex indodiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Best GPU deal: GIGABYTE NVIDIA GeForce RTX 5080 is $1,349.99 at Best Buy
Gorilla Man is still crawling the London Marathon three days later
Dude trolls Starbucks baristas with a bunch of weird containers to fill up with coffee
Ikea responds back with sass to Balenciaga's copycat tote bag
Brest vs. PSG 2025 livestream: Watch Champions League for free
How a Hollywood writers' strike will affect your favorite TV shows
Beyoncé launches scholarship to celebrate anniversary of 'Lemonade'
Now we know when we'll see 'Star Wars Episode IX'
Assassin's Creed Origins: How Heavy is It on Your CPU?
This mobile game lets you 'clean up' plastic pollution from the ocean
Best free ChatGPT courses
Your headphones aren't spying on you, but your apps are. Here's why.
Soon you'll be able to experience what it feels to be an 'Alien' neomorph
Facebook's fake news problem was so bad even Barack Obama talked to him about it
GPU Availability and Pricing Update: April 2022
Murder victim's Fitbit led authorities to arrest her husband
Samira Wiley on 'Handmaid's Tale' and Margaret Atwood's NSFW Instagram comments
Let's face it: Flying cars are never going to be a thing
Amazon CEO tries to sell kids on working on the moon
Man attacks robot and humanity will probably pay for it one day
The iOS spiritual successor to 'Journey' gives hope for a better worldTwitter responds to Ed Sheeran's new music with a glorious meme festThe EU will investigate how Amazon handles retailers' dataHas South Korea really hired an official to monitor Donald Trump's tweets?With all eyes on Libra, Bitcoin drops below $10,000The Marvel Phase 4 thirst is already super powerfulTana Mongeau is more self aware than you thinkBernie Sanders blesses meme lovers with a poster'Marvel Ultimate Alliance 3' is a playground for Marvel stans: ReviewTesla's new safety report paints Autopilot in a good light, but it's not that simpleApollo 11 moon landing videotapes sell for $1.8 million at auction'Fortnite' event caps off Season 9 with an epic kaiju showdownThe Marvel Phase 4 thirst is already super powerfulSkip the smart diapers — babies don't need themInfamous 'CU in the NT' campaign gets tourism kudos despite obscenity rulingTesla's new safety report paints Autopilot in a good light, but it's not that simpleNick Offerman just trolled us all at CESNick Offerman just trolled us all at CESMarvel confirms 'ShangMarvel introduced a ton of new MCU actors at Comic Reddit bans all links to Russian state People are baffled by the number of water bottles Harry and Meghan were given in Ireland Kiwi the bird and his goth wife welcome 4 semi 'Dancing Hermione' casually stupefies everyone at Pride in London 'The Batman' Review: It's time for an R TikTok suspends livestreams in Russia a day after its 'state 'Succession' actor Arian Moayed reveals why Stewy sniffed lavender while facing Logan Roy Carl Pei's Nothing is reportedly working on a smartphone A voice coach weighs in on Julia Garner's 'Inventing Anna' accent. 'Queer Eye's first trans participant speaks out about the episode Ireland to vote on removing 'woman's place in the home' clause from constitution Pride may be over, but here's how to celebrate LGBTQ Wrath month Polar fitness app revealed sensitive information of overseas soldiers 'Euphoria' has a flashback problem Poco X4 Pro has AMOLED display and 108 How to start playing 'Dota 2' A collection of photos of Neymar lying on the ground. 15 best viral videos of 2018 (so far) Wikimedia is against European Parliament's Copyright Directive Ariana Grande didn't find Pete Davidson's joke about Manchester bombing funny
2.6786s , 10520.4765625 kb
Copyright © 2025 Powered by 【video call sex indo】,Charm Information Network