02-05-2021 , 10:41 PM
![[Image: tpJ9Zzt.png]](https://i.imgur.com/tpJ9Zzt.png)
The Google Chrome Sync feature can be abused by threat actors to harvest information from compromised computers using maliciously-crafted Chrome browser extensions.
Google's infrastructure is also up for misuse as a command-and-control (C2) communication channel to exfiltrate the stolen data to attacker-controlled servers as security consultant Bojan Zdrnja discovered.
Chrome Sync is a browser feature designed to automatically synchronize a user's bookmarks, history, passwords, and other settings after they log in with their Google account.
Bypassing Chrome Web Store security checks
While malicious Chrome extensions are a dime a dozen with Google removing hundreds of them each year from the Chrome Web Store, this one was special due to the way it was deployed.
The attacker's malicious addon was camouflaged as the Forcepoint Endpoint Chrome Extension for Windows and installed directly from Chrome (bypassing the Chrome Web Store installation channel) after enabling Developer mode.
Continue reading HERE
