Security News New Syncjacking attack hijacks devices using Chrome extensions

[Gandalf_The_Grey]

Content source

https://www.bleepingcomputer.com/news/security/new-syncjacking-attack-hijacks-devices-using-chrome-extensions/

A new attack called 'Browser Syncjacking' demonstrates the possibility of using a seemingly benign Chrome extension to take over a victim's device.

The new attack method, discovered by security researchers at SquareX, involves several steps, including Google profile hijacking, browser hijacking, and, eventually, device takeover.

Despite the multi-stage process, the attack is stealthy, requires minimal permissions, and almost no victim interaction other than to install what appears to be a legitimate Chrome extension.

...

SquareX highlights the stealth and potent nature of the attack, underlining how difficult it would be for most users to realize something's off.

"Unlike previous extension attacks that involve elaborate social engineering, adversaries need only minimal permissions and a small social engineering step, with nearly no user interaction required to execute this attack," describes the report.

"Unless the victim is extremely security paranoid and is technically savvy enough to constantly navigate the Chrome settings to look for managed browser labels, there is no real visual indication that a browser has been hijacked."

New Syncjacking attack hijacks devices using Chrome extensions

A new attack called 'Browser Syncjacking' demonstrates the possibility of using a seemingly benign Chrome extension to take over a victim's device through the browser.

www.bleepingcomputer.com