Hackers have naughty american sex videodiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
How I met my partner on X/Twitter
Overheard Haiku
An Interview with Shelly Oria
How 'Instagram therapy' helps normalize Latinx mental healthcare
Best iPad deal: Save $70 on 10th Gen Apple iPad
The Morning News Roundup for December 1, 2014
The Morning News Roundup for December 1, 2014
'Quordle' today: See each 'Quordle' answer and hints for September 6, 2023
Watch Chappell Roan's Grammy acceptance speech demanding healthcare for artists
Warm Up with Our Winter Issue
Cyrix: Gone But Not Forgotten
What teachers and parents wish they could tell kids about porn
An Interview with Gladys Nilsson
The Marquis de Sade at 200
Then and Now: 5 Generations of GeForce Graphics Compared
Who Are These Future Rock
The Urbane Turkey
'Quordle' today: See each 'Quordle' answer and hints for September 7, 2023
Trump praises storm response as historic disaster unfolds in Houston
Facebook is 'Meta' now and the internet is obviously dunking on it
How a pair of leather trousers reduced the government into a bunch of 'Mean Girls'Donald Trump believed a WWE storyline which explains a lotRichard Sherman thinks Thursday Night Football is an 'absolute poopfest''Pokémon Go' is now officially live in India, Pakistan and Sri LankaAmazon all set to launch Prime Video in IndiaMotorola's first allJill Stein wants moral high ground after cashing in on Trump fearCheck out all the new 'Overwatch' Winter Wonderland hero skinsThis new fingerprint tech could be the death of the iPhone home buttonJill Stein wants moral high ground after cashing in on Trump fearPlume is turboThis very NSFW nativity scene is causing outrage in Spain'Growing Pains' star Alan Thicke dies at 69From Soundcloud to the stage: Soulful R&B singer's major festival debutHere are all the new Pokémon you can get in 'Pokémon Go'Nonprofit offering mobile showers to the homeless is now way more than that'Pokémon Go' is officially launching in India tomorrowBeyoncé just swept up even more award nominationsPeople are using Kanye West lyrics to diss Kanye West in the wake of his Trump Tower visitSnapchat finally releases Groups feature Holidays, via The Paris Review by Sadie Stein Timothy Leo Taranto’s illustrated author pun of Ralph Ellison Big Trouble in Little Poland by Sadie Stein The Ghost of Christmas Past by Sadie Stein Sadie Stein on Missed Connections Comedies Are Too Depressing, and Other News by Dan Piepenbring Siri Hates Her, and Other News Animating the Diary, and Other News by Sadie Stein Harry Potter Looks Different, and Other News by Sadie Stein Scientists find proof of unprecedented sun explosion hitting Earth LA Story by Nathan Deuel What We’re Loving: Mouly, Minneapolis, Marié by The Paris Review Faulkner’s Cocktail of Choice Martin Amis Owes Everything to His “Wicked Stepmother,” and Other News by Dan Piepenbring Recap of Canto 14 of Dante’s “Inferno” Recapping Dante: Canto 10, or Why We Are Doing This by Alexander Aciman Drinking with the Factotum by Sadie Stein Life Sentence by Sadie Stein Coziness Porn, and Other News by Sadie Stein Hear Chinua Achebe Discuss Martin Luther King, Jr.
1.6424s , 10520.5703125 kb
Copyright © 2025 Powered by 【naughty american sex video】,Exquisite Information Network