Hackers May Use Malicious Chrome Sync Feature to Steal Your Data

Sienna Rowley

Croatian cybersecurity researcher Bojan Zdrnja identified a malicious Google Chrome extension that abuses the Chrome Sync feature and can let hackers steal data from compromised systems while bypassing conventional firewalls and other network defenses.

Recently, Google fixed a zero-day vulnerability in Chrome 88.0.4324.150, a bug in the V8 JavaScript engine.

For people who don’t use the Chrome browser: Chrome Sync is a Chrome feature that saves copies of the browser and extension settings, bookmarks, browsing history, and passwords on Google’s cloud servers.

The feature is used to sync these details for a particular Chrome user across their multiple devices. Hence, the user always has access to their most current Chrome data wherever they go.

Chrome Sync Feature Was Recently Exploited

Bojan Zdrnja stated that, in the incident he investigated, the attackers had obtained access to the targeted system. However, because the information they wanted to steal was in an employee’s portal, they downloaded a Chrome extension onto the user’s system and loaded it through the Chrome browser’s developer mode.

The extension, which posed as a security add-on from the security company Forcepoint, contained malicious code that exploited the Chrome Sync feature to let the attackers take control of the infected browser.

According to Bojan Zdrnja, the end purpose of the extension was to manipulate data in an internal web application that the victim had access to. He further said in the report that while the attackers also wanted to extend their access, they actually restricted their activities on this workstation to those associated with web applications, which explains why they deployed only the malicious Chrome extension and no other binaries.

The Croatian researcher strongly suggested that companies use Chrome’s enterprise features and group policy support, as these offer better control over which extensions can be installed in the Chrome browser and which are blocked. This prevents users from installing rogue extensions similar to the one (Forcepoint Endpoint for Windows) that he investigated and reviewed.
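To check a workstation for the situation described above (an extension loaded through developer mode that is not on the organization's allowlist), the following added example, which is not from the article or from Zdrnja's report, audits the extension entries of a Chrome profile. It assumes the `extensions.settings` layout of the profile's `Secure Preferences` file; the sample data, extension IDs, path and allowlist are constructed.

```python
# Manifest location codes Chrome records per extension in the profile
# preferences (assumed layout: extensions.settings.<extension id>).
UNPACKED = 4      # "Load unpacked" in developer mode
COMMAND_LINE = 8  # loaded with --load-extension

def audit_extensions(prefs, allowlist):
    """Return findings for extensions that are sideloaded or not allowlisted."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in sorted(settings.items()):
        manifest = entry.get("manifest", {})
        reasons = []
        if entry.get("location") in (UNPACKED, COMMAND_LINE):
            reasons.append("sideloaded")
        if ext_id not in allowlist:
            reasons.append("not-allowlisted")
        if reasons:
            findings.append({
                "id": ext_id,
                "name": manifest.get("name", "<unknown>"),
                "path": entry.get("path", ""),
                # The "storage" permission gates chrome.storage, whose
                # "sync" area is replicated through Chrome Sync.
                "uses_storage": "storage" in manifest.get("permissions", []),
                "reasons": reasons,
            })
    return findings

# Constructed sample: one store-installed, allowlisted extension and one
# unpacked extension using the name quoted in the article.
SAMPLE_PREFS = {"extensions": {"settings": {
    "a" * 32: {"location": 1, "path": "a" * 32 + "/1.0_0",
               "manifest": {"name": "Approved Helper", "permissions": ["tabs"]}},
    "b" * 32: {"location": UNPACKED, "path": "C:\\example\\unpacked-ext",
               "manifest": {"name": "Forcepoint Endpoint for Windows",
                            "permissions": ["storage", "tabs"]}},
}}}
ALLOWLIST = {"a" * 32}

if __name__ == "__main__":
    for f in audit_extensions(SAMPLE_PREFS, ALLOWLIST):
        print(f["id"], f["name"], f["path"], f["uses_storage"], f["reasons"])
```

On a real host, pass the parsed JSON of the profile's preferences file as `prefs` and the organization's approved extension IDs as `allowlist`.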
