Hackers have Watch Wife Having Sex In Front Of Husband Onlinediscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Touring Logitech's Audio HQ
Let this husky playing in fallen leaves be the cure to your autumn blues
'Wordle' today: Get the answer, hints for June 28
Elon Musk's Starlink satellite internet shows big speed jump in first official year
Best Amazon deal: Save 20% on floral and botanical Lego sets
This losing lottery ticket is the most painful thing ever
'Wordle' today: Get the answer, hints for July 2
What everyone's watching: The most streamed movies this week (June 25)
We'll always, er, sorta, have the Paris Climate Agreement
NFT marketplace OpenSea user email addresses leak after data breach
Ms. Frizzle spotted at Science Marches across the globe
Check out this beautiful sky penis the Marines drew over California
Watch this joyous pup jump into a gigantic leaf pile
Elon Musk's Starlink satellite internet shows big speed jump in first official year
NYT Connections Sports Edition hints and answers for January 28: Tips to solve Connections #127
11 burning questions for 'Stranger Things 4: Volume 2'
FBI: Scammers are interviewing for remote jobs using deepfake tech
Twitter shames Trump for doing the absolute least in the wake of explosive devices
Sri Lanka vs. Australia 2025 livestream: Watch 1st ODI for free
Elmo just got his COVID vaccine and we're so proud of him
Introducing the most awkward three200 Malaysian taxi drivers hold 4Thanks to *NSYNC's Joey Fatone, you might be one step closer to the perfect hot dogMen gaze lovingly at their beer belly babies in new German adsHow long does it take for today's violent wildfires to go out?'Diablo 3' invades the Nintendo Switch this fall200 Malaysian taxi drivers hold 4Inside MORE, the Las Vegas nightclub with its own cryptocurrencyElon Musk's Boring Company wants to build a tunnel to Doger StadiumThanks to *NSYNC's Joey Fatone, you might be one step closer to the perfect hot dogHow to completely delete Facebook from your lifeHow to completely delete Facebook from your life'Game of Thrones' star says final season will be 'heartbreaking'Omarosa book review: This is what complicity looks likeTwitter’s relationship with third'Crazy Rich Asians' is romantic comedy heaven: ReviewTurkey is boycotting iPhones, but it hurts Turkey more than AppleKim Kardashian displays how to respond to sexy Kim Kardashian photosMan catching a breeze on a subway grate is the king of summerKim Kardashian displays how to respond to sexy Kim Kardashian photos Lenovo Yoga C940 (14 Poor goldfish got a custom tiny wheelchair and no one can handle it The Baby Yoda cocktail is the path to the drunk side These cute little succulents look like bunnies throwing up the peace sign Pixel 4 gets updated with better video calls, ever How modern witches are gathering online to stop Trump Tech companies to Trump: Your travel ban still sucks (and we're here to help strike it down) 10 of the cutest aliens and droids in Star Wars, including Babu Frik Boeing's Starliner didn't reach the ISS, but it made history BBC Dad's kids are your new IDGAF heroes Fake Apple products that were released in 2019 This new EV has a 'California mode,' and it's as chill as it sounds Uber Air set to take off with Joby electric air taxis Apple Glasses may include some of these features Everything coming to HBO Now in January 2020 What went wrong with the Boeing Starliner launch Motorola's foldable Razr is delayed because it's already too popular Australia just had its hottest day ever... two days in a row Rey's revelation in 'Rise of Skywalker' changes Star Wars for the worse The Fleshlight Launch is basically a giant robot hand you can hump
2.8333s , 10137.4453125 kb
Copyright © 2025 Powered by 【Watch Wife Having Sex In Front Of Husband Online】,Openness Information Network