Hackers have discovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the Zoom update installer from the earlier example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome's Native Messaging protocol. By doing this, the attacker sets up a connection "between the malicious extension and the local binary." In other words, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
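For defenders, the Native Messaging step leaves an auditable artifact: on Windows, Chrome locates native messaging hosts through registry keys under `Software\Google\Chrome\NativeMessagingHosts`, each pointing to a JSON manifest that names the local binary (`path`) and the extensions allowed to talk to it (`allowed_origins`). The sketch below is an added example, not code from SquareX or the original article, that audits such manifests against an allowlist of approved extension IDs. The extension IDs, host names, paths and the risky-path heuristic are assumptions made up for illustration.

```python
import json
import re

# Chrome extension IDs are 32 characters drawn from the letters a-p.
ORIGIN_RE = re.compile(r"^chrome-extension://([a-p]{32})/$")
# Assumed heuristic: path fragments typical of user-writable drop locations.
RISKY_PATH_PARTS = ("\\downloads\\", "\\appdata\\local\\temp\\", "/downloads/", "/tmp/")

def audit_manifest(manifest_text, approved_ids):
    """Return a list of findings for one native messaging host manifest."""
    try:
        manifest = json.loads(manifest_text)
        origins = manifest.get("allowed_origins") or []
    except (json.JSONDecodeError, AttributeError):
        return ["manifest is not a valid JSON object"]
    findings = []
    if not origins:
        findings.append("no allowed_origins declared")
    for origin in origins:
        match = ORIGIN_RE.match(str(origin))
        if match is None:
            findings.append(f"malformed origin: {origin}")
        elif match.group(1) not in approved_ids:
            findings.append(f"unapproved extension: {match.group(1)}")
    path = str(manifest.get("path", ""))
    if any(part in path.lower() for part in RISKY_PATH_PARTS):
        findings.append(f"host binary in user-writable location: {path}")
    return findings

def audit_all(manifests, approved_ids):
    """Map host name -> findings, keeping only hosts that have findings."""
    report = {name: audit_manifest(text, approved_ids) for name, text in manifests.items()}
    return {name: found for name, found in report.items() if found}

# Constructed sample data: extension IDs, host names and paths are made up.
APPROVED_IDS = {"abcdefghijklmnopabcdefghijklmnop"}
SAMPLE_MANIFESTS = {
    "com.example.password_manager": json.dumps({
        "path": "C:\\Program Files\\Example\\host.exe", "type": "stdio",
        "allowed_origins": ["chrome-extension://abcdefghijklmnopabcdefghijklmnop/"]}),
    "com.example.updater": json.dumps({
        "path": "C:\\Users\\alice\\Downloads\\update_helper.exe", "type": "stdio",
        "allowed_origins": ["chrome-extension://ponmlkjihgfedcbaponmlkjihgfedcba/"]}),
}

if __name__ == "__main__":
    for host, found in audit_all(SAMPLE_MANIFESTS, APPROVED_IDS).items():
        print(host, found)
```

In practice the manifest text would be read from the files that the registry entries point to, and the allowlist would come from the organization's approved-extension policy.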