Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Malicious extension abuses Chrome sync to steal users’ data
#1
[Image: tpJ9Zzt.png]

The Google Chrome Sync feature can be abused by threat actors to harvest information from compromised computers using maliciously-crafted Chrome browser extensions.

Google's infrastructure is also up for misuse as a command-and-control (C2) communication channel to exfiltrate the stolen data to attacker-controlled servers as security consultant Bojan Zdrnja discovered.


Chrome Sync is a browser feature designed to automatically synchronize a user's bookmarks, history, passwords, and other settings after they log in with their Google account.

Bypassing Chrome Web Store security checks

While malicious Chrome extensions are a dime a dozen with Google removing hundreds of them each year from the Chrome Web Store, this one was special due to the way it was deployed.

The attacker's malicious addon was camouflaged as the Forcepoint Endpoint Chrome Extension for Windows and installed directly from Chrome (bypassing the Chrome Web Store installation channel) after enabling Developer mode.


Continue reading HERE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Data of 2.6 million Duolingo users posted on the dark web tarekma7 0 1,025 08-27-2023 , 05:56 PM
Last Post: tarekma7
  Chrome extension turns on YouTube captions when eating noisy chips tarekma7 0 1,062 03-06-2021 , 09:34 AM
Last Post: tarekma7
  MyFreeCams site hacked to steal info of 2 million paying users tarekma7 0 872 01-22-2021 , 09:33 PM
Last Post: tarekma7

Forum Jump:


Users browsing this thread: 1 Guest(s)