Hackers have old couples sex videosdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Sri Lanka vs. Australia 2025 livestream: Watch 1st ODI for free
Still Life by Lynn Casteel Harper
Graciliano Ramos and the Plague by Padma Viswanathan
The Winners of 92Y’s 2020 Discovery Poetry Contest by The Paris Review
Best GPU deal: Get the MSI RTX 5080 for $1,249.99 at Best Buy
Redux: In the Latter Days by The Paris Review
In case you missed it, ChatGPT rival 'Copilot' is now on iOS and Android
The Ancestry Project by Mariah Stovall
Amazon Prime members gets 10% off Grubhub orders through Feb. 17
How an average Joe became 'The Holdovers' cheered scene
Elon Musk's DOGE.gov website can apparently be edited by anyone
Let It Burn by Robert Jones, Jr.
Still Life by Lynn Casteel Harper
July 7 by Bernadette Mayer
Best free gift card deal: Get $10 Best Buy gift card with $100 Apple gift card
The Art of Distance No. 14 by The Paris Review
Wordle today: The answer and hints for December 30
My Lighthouses by Jazmina Barrera
Meta says some AGI systems are too risky to release
The Art of Distance No. 12 by The Paris Review
Do Andrew Garfield and Tobey Maguire appear in 'SpiderWhy 2021 was the year of wireless earbuds'Station Eleven' Review: HBO Max delivers a beautiful and optimistic pandemic story.Pornhub is now selling socks for, well, whatever workout you wantTikTok now has a Discord serverFilm Academy expels Bill Cosby and Roman PolanskiRyan Reynolds responds with the perfect fart joke after Blake Lively unfollowed him on InstagramWhy 2021 was the year of wireless earbudsTikTok now has a Discord serverAt long last, we know the 4 words every girl wants to hear"The Witcher" Season 2 review: Geralt is back and he's dad nowThe best canceled TV shows of 2021 and where you can still watch themQueer astrology is having a moment. And it's a big one.Guillermo del Toro's 'Nightmare Alley' is derailed by Bradley CooperMeghan Markle gets her very own waxwork and it's pretty uncanny tbhTinder user got creative, sent match a thrilling interactive storyNever forget that Donald Glover achieved early internet fame with a sketch about pooping his pantsEverything coming to Netflix in January'The Matrix Resurrections' review roundup: What do critics think?Honor announces foldable smartphone, the Honor Magic V Cyber Monday Xbox deals 2023: Save on 'Assassin's Creed' franchise, more Coyote Doggirl in “Nice to Be Alone” V. S. Naipaul, the Man Versus the Work The Historical Future of Trans Literature All the best Cyber Monday deals on Sony headphones and earbuds Reopening the Case Files of Leopold and Loeb The Answers Are Not Important: An Interview With Catherine Lacey Like You Know Your Own Bones by Crystal Hana Kim Cyber Monday Anker Soundcore deals: headphones, earbuds, speakers 30+ Cyber Monday gaming keyboard deals 2023 Best early Cyber Monday Roomba deals at Amazon 2023 8 Bose Cyber Monday deals: QuietComfort Earbuds II and more Leonor Fini: Theatre of Desire by The Paris Review Cyber Monday unlocked phone deals: Apple, Google, Samsung, more Poetry Rx: Listen I Love You Joy Is Coming Ms. Lucy's Steamboat by Jason Novak Pop Songs Written by Native Speakers of Swedish 180+ Cyber Monday gaming deals: 30% off PlayStation Plus Writers’ Fridges: Walter Mosley Holy Disobedience: On Jean Genet’s ‘The Thief’s Journal’
2.6205s , 8612.8203125 kb
Copyright © 2025 Powered by 【old couples sex videos】,Warmth Information Network