1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • A new Chrome browser highjacking attack could affect billions of

    From TechnologyDaily@1337:1/100 to All on Fri Jan 31 19:00:08 2025
    A new Chrome browser highjacking attack could affect billions of users - here's how to fight it

    Date:
    Fri, 31 Jan 2025 18:45:33 +0000

    Description:
    There's a new highjacking attack that could take over your Chrome browser and steal all your data - here's how to keep your computer safe.

    FULL STORY ======================================================================A new highjacking attack targets Chrome browsers It could steal all your browser data and even from your OS There are several ways for users to fight back

    Whether you believe it to be the best web browser , Google Chrome is undoubtedly the most popular search engine by a landslide. For that reason,
    it remains a popular target for hackers as well. And now, a massive new
    threat is on the horizon, which could threaten billions of users.

    A new attack called Browser Syncjacking has been discovered by security researchers at the cybersecurity firm SquareX (reported on by
    BleepingComputer ). Though it requires several steps, its shockingly easy for the average Chrome user to fall victim, as it needs minimal permissions.

    First, a malicious Google Workspace domain is created with multiple user profiles, and security features like multi-factor authentication are
    disabled. This is used to create managed profiles in the background of the victims devices. Then, hackers will then create a malicious Chrome extension to launch on the official Chrome Store, appearing as a useful tool to attract potential victims.

    Once any potential victims install the extension, it hides a browser window that runs in the background to log the victim into one of the Workspace profiles previously made. The final step involves tricking the victim into activating Chrome sync by opening a very real Chrome support page thats been tampered with, then guiding them through turning on sync. If this happens, that persons full Chrome account and stored data including browsing history and passwords are now available on the hackers profile.

    From here, as SquareX explains, a victims entire browser can be taken over, often through a seemingly innocent Zoom invite that, if accepted, gets malicious content from that Chrome extension injected into it. If the victim falls for a prompt that asks to update Zoom, the update (actually an executable file that contains an enrollment token) will allow the hacker to control the browser completely.

    Not only does this give hackers free reign over any data stored in your browser and allow them to spy on any websites you browse (and see any sensitive information you input), but it also allows them to access your OS
    to install malware, capture keystrokes, extract sensitive data and even activate a devices webcam and microphone, as Toms Guide details. How do you stay safe?

    This all sounds overwhelming and even impossible to avoid since the attacks require so little input from users to get the ball rolling. But there are
    ways to keep your browser safe from harm.

    The first is to avoid installing new Google Chrome extensions while limiting the ones you already have. If you really need to install anything new, make sure to research it and its developers for signs of suspicious activity.

    Its also essential to have the best antivirus software, which will automatically scan your PC or Mac regularly and immediately alert you to suspicious activity. Its best to store passwords in the best password
    managers instead of in the browser, protecting them from hackers prying eyes.

    There are always new attacks on the horizon, but its vital to stay vigilant
    in your online activity and be careful of extensions and software you download. This will always serve to protect your browser and computer. Google Chrome extensions hit in major attack - dozens of developers affected, so be on your guard Google wants to give IT admins more control over what Chrome extensions you use at work Despise internet pop-ups? Google Chrome is testing an AI-powered feature to help end these



    ======================================================================
    Link to news story: https://www.techradar.com/computing/chrome/a-new-chrome-browser-highjacking-at tack-could-affect-billions-of-users-heres-how-to-fight-it


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)