A Malicious Google Chrome Extension Has Been Discovered

It is one of the features that Google Chrome offers to its users. synchronizationAllows copying of Chrome browser’s history, bookmarks, password, browser and plugin settings after logging into Google account.

This feature ensures synchronization of data between the user and the user’s devices. In this way, no matter which device the user uses Chrome It can easily access all of its data from its application. Of course, as you can imagine, attackers have emerged who can take advantage of this situation.

Attackers taking advantage of the Chrome sync feature

Chrome sync Realizing that they can take advantage of the feature, attackers use this feature to send commands and steal data to browsers that are already weakened. Thanks to the Chrome extensions created, they can bypass firewalls.

According to the news in Digital Information World, Bojan Zdrnja, a security consultant, discovered a malicious Chrome extension. This add-on, Chrome sync feature, To extract data from weakened browsers forcing communication with command and control servers.

The attacker downloaded the plug-in to the Chrome browser on the victim’s computer and installed it through Developer Mode. He could do this because he could take control over the computer. This plug-in contained code that abused the Chrome sync feature. Thanks to these codes, the user was able to gain control over his browser and cloud storage.

In order to gain full control over the synchronized data, the attacker had to log in to the same Google account on another device with Chrome. In fact, Google has taken precautions against such plugins and removed many plugins from the store. However, this plugin could be stuck with the difference in working logic. Zdrnja, he identified these activities last week Reported to Google.