New research reveals a concerning vulnerability allowing hackers to gain remote control of computers via the Google Chrome web browser.
This sophisticated cyberattack, referred to as “browser syncjacking,” highlights major security concerns, according to a recent study by cybersecurity experts.
How Chrome Profile Takeover Works
The attack begins with a social engineering tactic, where the perpetrator convinces the user to download a malicious Chrome extension masquerading as a legitimate tool found in the Chrome Store. This extension, which requires minimal permissions, is designed to create an illusion of safety and efficacy. Notably, it often functions as advertised, further deceiving users.
Once installed, the extension secretly connects to an attacker-controlled Google Workspace profile. The hacker then directs the user to a seemingly genuine Google support page that has been altered to suggest the user must synchronize their profile.
When the user consents to the sync request, they inadvertently transmit sensitive information—such as saved passwords, browsing history, and autofill data—to the hacker’s profile, granting the attacker unauthorized access.
Implications of Browser Syncjacking
This initial breach equips the hacker with sufficient data to engage in fraudulent activities. However, the browser syncjacking technique offers even broader capabilities.
For instance, by utilizing the malicious extension, attackers can redirect victims to a modified Zoom webpage encouraging them to install a phony update. In reality, this download installs a harmful executable that enrolls the Chrome browser into the hacker’s Google Workspace.
With this compromised connection, the hacker can access vital information across the user’s accounts, including Google Drive and email.
Complete Device Takeover
The browser syncjacking threat extends beyond just accessing the Chrome profile; it can also lead to total device control.
Through the malicious download, attackers can leverage Chrome’s Native Messaging protocol to inject a “registry entry to message native apps.” This means they establish a direct link between the malicious extension and the user’s system, allowing them to issue commands remotely.
Armed with this level of access, hackers can manipulate system settings, create backdoors, and steal sensitive data, including passwords and financial information. Furthermore, they can exploit device functionalities to spy on users through webcams, capture screenshots, record audio, and monitor keystrokes.
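As an added illustration of the native messaging link described above (this is not code from the researchers or from Chrome itself), the following Python audits the manifests that Native Messaging registry entries point at, flagging per-user registrations, host binaries outside an approved directory, and extensions not on an allowlist; the manifests, extension IDs and directories are constructed samples.

```python
import json
import re
from pathlib import PureWindowsPath

# Constructed allowlist of extension IDs permitted to reach native hosts
# (Chrome extension IDs are 32 characters drawn from a-p).
APPROVED_EXTENSIONS = {"abcdefghijklmnopabcdefghijklmnop"}
# Constructed: directories where admin-deployed native hosts are expected to live.
TRUSTED_HOST_DIRS = (PureWindowsPath(r"C:\Program Files\CorpTools"),)
EXT_ID_RE = re.compile(r"^chrome-extension://([a-p]{32})/$")


def audit_manifest(manifest_text: str, registry_hive: str) -> list[str]:
    """Return findings for one native messaging host manifest.

    manifest_text: JSON the registry entry points at.
    registry_hive: "HKCU" (per-user, writable without admin rights) or "HKLM".
    """
    findings = []
    try:
        m = json.loads(manifest_text)
    except json.JSONDecodeError:
        return ["unparseable manifest"]
    name = m.get("name", "<unnamed>")
    if registry_hive == "HKCU":
        findings.append(f"{name}: registered per-user (no admin rights needed)")
    if m.get("type") != "stdio":
        findings.append(f"{name}: unexpected type {m.get('type')!r}")
    host_path = PureWindowsPath(m.get("path", ""))
    if not any(host_path.is_relative_to(d) for d in TRUSTED_HOST_DIRS):
        findings.append(f"{name}: host binary outside trusted dirs: {host_path}")
    for origin in m.get("allowed_origins", []):
        match = EXT_ID_RE.match(origin)
        if not match:
            findings.append(f"{name}: malformed origin {origin!r}")
        elif match.group(1) not in APPROVED_EXTENSIONS:
            findings.append(f"{name}: unapproved extension {match.group(1)} may reach host")
    return findings


# Constructed sample entries: (hive, manifest text), one sanctioned, one suspicious.
SAMPLE_HOSTS = [
    ("HKLM", json.dumps({"name": "com.corp.bridge", "type": "stdio",
                         "path": r"C:\Program Files\CorpTools\bridge.exe",
                         "allowed_origins": ["chrome-extension://abcdefghijklmnopabcdefghijklmnop/"]})),
    ("HKCU", json.dumps({"name": "com.example.updater", "type": "stdio",
                         "path": r"C:\Users\victim\AppData\Local\Temp\zoom_update.exe",
                         "allowed_origins": ["chrome-extension://ponmlkjihgfedcbaponmlkjihgfedcba/"]})),
]

if __name__ == "__main__":
    for hive, text in SAMPLE_HOSTS:
        print(hive, audit_manifest(text, hive) or "clean")
```

In a real audit the manifest texts come from the files referenced under the NativeMessagingHosts keys beneath HKCU and HKLM\Software\Google\Chrome, and Chrome's NativeMessagingUserLevelHosts policy can disable per-user hosts outright.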
Given the stealthy nature of browser syncjacking, it is crucial for users to be vigilant about what they download and to only install trusted Chrome extensions to safeguard themselves against these rising cyber threats.