Home News A Malicious Google Chrome Extension Has Been Discovered

A Malicious Google Chrome Extension Has Been Discovered

by tenderpuls

An add-on was detected trying to abuse the synchronization feature in Google Chrome, the world’s most used internet browser. Thanks to this plugin, users’ data can be stolen.

It is one of the features that Google Chrome offers to its users. synchronizationAllows copying of Chrome browser’s history, bookmarks, password, browser and plugin settings after logging into Google account.

This feature ensures synchronization of data between the user and the user’s devices. In this way, no matter which device the user uses Chrome It can easily access all of its data from its application. Of course, as you can imagine, attackers have emerged who can take advantage of this situation.

Attackers taking advantage of the Chrome sync feature

Chrome sync Realizing that they can take advantage of the feature, attackers use this feature to send commands and steal data to browsers that are already weakened. Thanks to the Chrome extensions created, they can bypass firewalls.

According to the news in Digital Information World, Bojan Zdrnja, a security consultant, discovered a malicious Chrome extension. This add-on, Chrome sync feature, To extract data from weakened browsers forcing communication with command and control servers.

The attacker downloaded the plug-in to the Chrome browser on the victim’s computer and installed it through Developer Mode. He could do this because he could take control over the computer. This plug-in contained code that abused the Chrome sync feature. Thanks to these codes, the user was able to gain control over his browser and cloud storage.

RELATED NEWS

Google Released Update Closing A Vulnerability in Chrome

In order to gain full control over the synchronized data, the attacker had to log in to the same Google account on another device with Chrome. In fact, Google has taken precautions against such plugins and removed many plugins from the store. However, this plugin could be stuck with the difference in working logic. Zdrnja, he identified these activities last week Reported to Google.

Source :
https://www.digitalinformationworld.com/2021/02/an-extension-was-discovered-that.html

Related Posts

Leave a Comment

antalya escort antalya escort antalya escort chip satışı zynga chip chip satışı Live stream Prosieben live Sat 1 live
dedektiflik bürosu antalya dedektiflik bürosu