Hackers have girl with sharpie video sexdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Investors Sought for Fund to Preserve Little Tokyo
Deadpool’s woman problem has been haunting me for years
Good news you might have missed from Election Day 2020
Apple to hold another event on November 10
Crisis Helpline Worker Retires After 29 Years of Service
What Prop. 22 could mean for the gig economy nationwide
Sean Connery, famed James Bond actor, is dead at 90
Facebook bans hashtag searches for #StopTheSteal and #SharpieGate conspiracy theories
‘Portraits of Courage’ to Celebrate JA WWII Vets
Robocalls, WeChat messages, and more spread misinformation on Election Day
MIS Veteran’s Story Told in New Book
'Chicago 10' tells the true story behind Aaron Sorkin's Netflix drama
How to make money on Zoom and Facebook classes
What really happens if Republicans get rid of Section 230
A New Year in San Gabriel Valley
The Section 230 hearing with Zuckerberg, Dorsey, Pichai was a sham
Zoom's new feature makes sure you'll catch every word of the meeting
#SharpieGate: Debunked conspiracy theory leads to scary situation in Arizona
Deukmejian Remembered
Good news you might have missed from Election Day 2020
This Twitter bot forecasts the weather with emojiFrench officials respond to Trump's suggestion for putting out the NotrePride 2025: Major tech companies go silentWe regret to inform you that this brand tweet about St. Louis food is funnyBarbie may not be out of the closet yet, but her fans sure areThe internet can't cope with BTS' new video for 'Boy With Luv'Klarna launches integrated mobile phone plan to its appFox News reporter wears a protective vest at the border and spawns hilarious memesFrench officials respond to Trump's suggestion for putting out the NotrePride 2025: Major tech companies go silent Top 10 most popular GIFs of 2019, according to Giphy MacBook Pro keep shutting down? Apple has a weird fix. 2020 iPhones will come with smaller and larger screens 'Servant' review: Apple TV+ delivers a stylish and slow mystery Elon Musk defends his right to be a Twitter troll at 'pedo guy' trial Submit your product for Mashable's 'Best Tech of CES 2020' I'm living for the weird Disney+ '60s and '70s gems that I'd forgotten Snap unveils Gucci 'Operation Dumbo Drop' on Disney+ is the strangest war movie ever Craigslist finally releases an iOS app in *checks calendar* 2019
0.1406s , 10326.3125 kb
Copyright © 2025 Powered by 【girl with sharpie video sex】Enter to watch online.New 'browser syncjacking' cyberattack lets hackers take over your computer via Chrome,Global Perspective Monitoring
