Google has worked to assure users that the Chrome browser is safe to use, with 3 security updates in just 3 weeks. Despite a welcome decision to open a new enterprise web store to help strengthen protections against malicious extensions, new research has just revealed that any Chrome browser extension can be used to compromise your device. Here’s what you need to know.
As I reported on December 29, attacks by hackers employing compromised Chrome browser extensions to bypass two-factor authentication protections were underway. At least 35 companies had their Chrome extensions replaced with malicious versions in what appeared to be a coordinated campaign of sophistication and scope. At the time, Google Chrome’s security team said users were protected through a variety of methods, including a custom summary of all installed extensions, strict review policies before extensions were released, and continuous monitoring of them afterward. “that an extension poses a serious threat to Chrome users,” Google said, “without delay it has been removed from the Chrome web store, and the extension is disabled in all browsers that have installed it.”
Now, SquareX Labs researchers have shown that “a complete takeover of the browser and the device is possible with browser extensions,” and not just malicious ones; the hijack “only requires fundamental read/write capabilities provided in most extensions,” which puts the user in danger of “the browser synchronization attack.”
Chrome browser sync attacks occur in 3 phases: profile, browser and device hijacking. But let’s start at the beginning, with the preparation of the attack. This requires that the hacker first register a domain with a Google Workspace account and then disable 2FA protections. Next, a browser extension is created and published in the Chrome store that will then be used to retrieve those profile credentials. The extension is delivered to the victim by one of the innumerable phishing techniques. “Seeing that there are only fundamental read/write functions, as in most popular extensions,” the researchers said, “the victim installs the extension,” assuming it is safe. “Over time,” they continued, “the presence of the extension fades into the background as the victim returns to his daily routine.”
At some point in the near future, the extension connects to the domain registered earlier, grabs the credentials and completes the steps to log the victim into one of the previously created accounts. The result here is that the user is now connected to a profile managed by the attacker, enabling them to disable security measures to make the browser more open to attack. This is where things get really interesting.
“The attacker opens up Chrome’s legitimate support page on sync,” the researchers said, “and uses the malicious extension to modify the content on the page, convincing the victim to complete the sync.” And, boom: all locally stored data, which includes Chrome passwords and browsing history, now get uploaded to the hacker-controlled account. But it gets even worse, the researchers said, “The next step involves turning the whole browser into a managed browser controlled by the attacker.” This before finally taking over the entire device.
The browser sync attack is dangerous, the SquareX Labs report warned, because, unlike extension attacks reported in the past that require elaborate social engineering, “adversaries only need minimal social engineering, and almost no user interaction is required to execute this attack.”