Hackers have tarzan sex videodiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Trump says he represents Pittsburgh, not Paris, but, um, well...
Best robot vacuum deal: Save $200 on Eufy X10 Pro Omni robot vacuum
Looking Back at 2010: The Year's Most Relevant Tech Stories
Best Samsung deal: Save $50 on the Galaxy Watch FE at Amazon
Wordle today: The answer and hints for January 28, 2025
Brennan Lee Mulligan talks 'Dimension 20: Cloudward, Ho!'s breakout NPC
Sinner vs. Bublik 2025 livestream: Watch French Open for free
NYT mini crossword answers for June 3, 2025
The White House might have inflated Trump's golf record, because this is how we live now
Best Samsung deal: Save over $100 on Samsung Galaxy Watch 7 and SmartTag2 bundle
11 Tech Products That Were Supposed to Fail... But Didn't
Wordle today: The answer and hints for June 3, 2025
Today's Hurdle hints and answers for June 4, 2025
Brennan Lee Mulligan talks 'Dimension 20: Cloudward, Ho!'s breakout NPC
Trump who? Tech giants join massive effort to uphold Paris Agreement
Best Apple deal: Save $50 on 11
Samsung could pre
Will the Milky Way and Andromeda crash? Now scientists aren't so sure.
The Steam Machine: What Went Wrong
Best Samsung deal: Save over $100 on Samsung Galaxy Watch 7 and SmartTag2 bundle
PepsiCo India taps social media to hire millennialsThe next frontier in wearables is helping couples conceiveHere's Drake singing 'Bad Blood' because he really loves dramaLady Gaga'a countryPartying gets dangerous as teens Snapchat balcony hoppingPissed off fans get refunds after disastrous Kanye West showGoogle's AI Mode search tool gets a voiceA very messed up 'Cars 3' teaser trailer just fell out of the skyThousands of taxpayers don't want to pay for Buckingham Palace renovationGoogle's AI Mode search tool gets a voiceStrangers step in after woman unleashes racist rant on busMassive South Korean protests calling for President Park ouster continue in SeoulThis podcast will help you fall (and stay) asleepIndia's newest highway doubles up as runway for fighter jets to landCute Chinese robot loses control, smashes window and injures someoneStrangers step in after woman unleashes racist rant on busIs red wine destined to become the new rosé?LinkedIn thinks campus recruiting hurts tech sphere diversityMassive South Korean protests calling for President Park ouster continue in SeoulSamsung says Galaxy S7 has no battery issues YouTube CEO promises to do more for creators amid scandals Obama says he won't pardon Edward Snowden, despite pressure Gay woman buys dinner for the homophobic family sitting next to her Drake gave the perfect shout out to Arya Stark and everyone's in a spin Donald Trump cancels, then uncancels, meeting with the 'not nice' New York Times Bird's new monthly e 'Game of Thrones' power rankings: Who will take the Iron Throne now? Mark Zuckerberg says 'a private social platform' is the future at F8 'Game of Thrones': The meaning behind Arya's Valyrian dagger, explained Why 'Game of Thrones' is heading for a Stark family victory 'Top End Wedding' brings the rom Someone allegedly paid $250 for a replica of Squidward's self Everything Facebook announced at F8 2019 Oculus Quest is a VR gaming revelation, but who is it for? Taylor Swift says fans figured out the name of her album. Here are their best theories. Crowdfunding is giving parents all the baby gear they didn't know they needed The only good 'Game of Thrones' ending involves dead dragons New artificial intelligence technique could erase fear from your brain Wikileaks co The campaign for Energizer's 18,000mAh battery phone fails horribly
1.6791s , 8612.75 kb
Copyright © 2025 Powered by 【tarzan sex video】,Openness Information Network