Google Chrome just can't catch a break.
Unfortunately, it's in the cybersecurity news again, this time over a new attack that SquareX, the company that described it, calls "browser syncjacking."
It involves something we've been warning about over the years: browser extensions.
However, if you extend Chrome with this one, you will send all your saved browser data, including your passwords, to attackers and let them take over your Chrome profile.
But wait! As you may have guessed, yes, there is more! This extension also allows the attackers to take over the entire device.
For this attack, social engineering is the primary tactic.
The user is convinced to download the extension. Typically, this is done via phishing.
The user is convinced that the extension is a helpful tool. In the example from SquareX, Zoom is used.
The attackers send the users to an official, but modified, webpage that urges an update to be installed.
When the extension is downloaded, an executable file comes along with it, riding piggyback.
That file loads a file from the attacker's Google Workspace. At some point, the victim is asked to "sync" their profile.