Hackers have romantic sensual sex videosdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Best AirPods deal: Apple AirPods 4 for $99.99 at Amazon
#WomenBoycottTwitter is just another hashtag too late for women of color
Sophie Turner and Joe Jonas are officially engaged
Librarians recreate a classic Kardashian family photoshoot
SpaceX will try to achieve 2 impressive feats on Monday
#WomenBoycottTwitter: Twitter protest arises following Rose McGowan's suspension
Does anyone actually like Clubhouse?
Uber asked its drivers about working for the app. They didn’t hold back.
Best LG B4 OLED TV deal: Save $200 at Best Buy
15 best tweets of the week, including Sisyphus vibing, Beeple, and 'Wandavision'
Best external hard drive deal:WD 5TB Elements for $114.99
Makha Bucha Day had 200,000 Buddhists celebrating over Zoom: Photos
Professor gives an explosive rant against pomegranates, but there's a good reason
Google Photos will now recognize pictures of your pets
Optogenetics: A Virtual Reality System for Controlling Living Cells
‘Magic: The Gathering’ Time Spiral Remastered gives angels a new vintage look
Trump says he met the President of the Virgin Islands ... which is him
LG's rollable Android phone might not happen, report says
Houston Rockets vs. Dallas Mavericks 2025 livestream: Watch NBA online
Newest Las Vegas 'slot machine' is 11 stories tall and dispenses used cars
Conor McGregor gets slammed for Instagram post about PutinChrissy Teigen's dad had the most dadApple takes store down ahead of 'Peek Performance' eventSister Helen Prejean's Twitter account is a gift to sad heartsApple 2022 event: How to watch the March 8 'peek performance' livestreamCan an app help reduce your mental load as a new parent?Dog lovers are outraged by an opGiant Trump Baby blimp flies over London and it's making Donald feel 'unwelcome'Facebook appears to be testing a major redesign of its websiteApple Event: Despite 'celebrating women,' Apple called out during peek performance eventApple Event: Despite 'celebrating women,' Apple called out during peek performance eventApple Event: Tim Cook wears colors of Ukraine flag, seemingly sending silent supportMan sent to hospital after being injured by large penisA 'God of War' Amazon series? Christopher Judge is already the perfect Kratos.Apple Event: 'Peek performance' was for 'ultra' peopleDonald Trump Dalek is proof that Londoners sure know how to protestGeneral Motors pilots bidirectional charging between EVs and homesGoogle Pixel users can now use live captions during callsSacha Baron Cohen got a bunch of GOP congressmen to say arming toddlers is a good ideaWordle answers Feb. 28 The Subjective Fog: For Julian Hoeber by Jonathan Lethem Notes from a Bookshop: Early Autumn, or Winter’s Coming by Kelly McMasters Authors in Uniform, and Other News by Sadie Stein This Is the Way We Wash Our Clothes by Sadie Stein 'Quordle' today: See each 'Quordle' answer and hints for July 19 How to watch the 2023 FIFA Women's World Cup online for free Unconscious by Sadie Stein Jeeves, Redux, and Other News by Sadie Stein Literary Halloween This Is Spinal Fusion by Rebecca Buckwalter Tinder will give 500 lucky matches free COVID tests Wordle today: Here's the answer and hints for July 17 Wordle today: Here's the answer and hints for July 16 Eyes Have It by Sadie Stein Tesla starts production of long Neopets will finally fix its games in $4 million overhaul Called Back by Casey N. Cep What We’re Loving: Baseball, Giacometti, Literary Sprinting by The Paris Review Emily Dickinson Rage, and Other News by Sadie Stein Australia and the UK are protesting violence against women, and I am tired
2.54s , 10520.5546875 kb
Copyright © 2025 Powered by 【romantic sensual sex videos】,Exquisite Information Network