Express Computer
Home  »  Internet  »  Malicious Chrome sync feature can help hackers steal your data

Malicious Chrome sync feature can help hackers steal your data

0 81
Read Article

A cyber security researcher has discovered a malicious Google Chrome extension in the wild abusing the Chrome Sync process that can help hackers steal user data.

Hackers can use the Google Chrome sync feature to send commands to infected browsers and steal data from infected systems, bypassing traditional firewalls and other network defenses.

Croatian security researcher Bojan Zdrnja found a malicious Chrome extension that can communicate with a remote command and control (C&C) server and as a way to exfiltrate data from infected browsers, reports ZDNet.

Chrome sync is a feature of the Chrome web browser that stores copies of a user’s Chrome bookmarks, browsing history, passwords, and browser and extension settings on Google’s cloud servers.

According to Zdrnja, the goal was to use the extension to “manipulate data in an internal web application that the victim had access to.”

“While they also wanted to extend their access, they actually limited activities on this workstation to those related to web applications, which explains why they dropped only the malicious Chrome extension, and not any other binaries,” Zdrnja said in the report.

The basis for this attack were malicious extensions that the attacker dropped on the compromised system.

“Now, malicious extensions are nothing new – there were a lot of analysis about such extensions and Google regularly removes dozens of them from Chrome Web Store, which is the place to go to in order to download extensions,” the security researcher mentioned.


If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]


Get real time updates directly on you device, subscribe now.

Subscribe to our newsletter
Sign up here to get the latest news, updates delivered directly to your inbox.
You can unsubscribe at any time
Leave A Reply

Your email address will not be published.

Virtual Conference


Join India's Largest Premier CyberSecurity & Attend LIVE sessions by Industry Experts.
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
Enable A Truly Seamless & Secure Workplace.
Register Now
Attend Inida's Largest BFSI Technology Conclave!
Register Now
Know how to protect your company in digital era.
Register Now
Protect Your Critical Assets From Well-Organized Hackers
Register Now