Summary: A new attack method called ‘Browser Syncjacking’ employs a seemingly harmless Chrome extension to take over a victim’s device through a multi-stage process, including Google profile hijacking and browser manipulation. The attack is stealthy, requiring minimal permissions and victim interaction, allowing attackers to gain complete control over the victim’s browser and data. Security researchers emphasize the difficulty in detecting this type of attack due to its subtle execution and lack of visible signs of hijacking.
Affected: Chrome users, Google Workspace
Keypoints :
- The attack begins with creating a malicious Google Workspace domain and tricking victims into installing a fake Chrome extension.
- After installation, the extension quietly logs victims into a managed Google profile and prompts them to enable Chrome sync, exposing sensitive data.
- Attackers can gain full control over the victim’s browser, allowing them to execute commands, steal data, and install additional malware without the victim’s knowledge.