A dangerous new cybersecurity threat called "browser syncjacking" allows attackers to gain complete control of victims' computers through malicious Google Chrome extensions, according to research from cybersecurity firm SquareX.
The sophisticated attack begins when users install what appears to be a legitimate Chrome extension from the official Chrome Web Store. While the extension functions as advertised, it secretly connects to an attacker-controlled Google Workspace profile in the background.
Users are then redirected to an authentic-looking Google support page that prompts them to sync their browser profile. By agreeing to sync, victims unknowingly send their sensitive browser data - including saved passwords, browsing history, and autofill information - directly to the attacker.
But the attack doesn't stop at data theft. Through a fake software update prompt, attackers can install additional malicious code that grants them extensive control over the victim's Chrome browser and device. This allows them to:
- Access Google Drive files and emails
- Monitor clipboard contents
- Control webcams and microphones
- Record keystrokes
- Take screenshots
- Create system backdoors
- Steal cryptocurrency wallets
- Access all computer files and settings
What makes browser syncjacking particularly dangerous is how difficult it is to detect. The attack chain uses legitimate Google services and requires minimal suspicious permissions, helping it avoid detection by security software.
To protect yourself, exercise extreme caution when installing Chrome extensions, even those from the official store. Only download extensions from trusted developers with established reputations.
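For administrators, the two conditions this attack depends on (an unvetted extension and a browser profile signed in to someone else's Google Workspace account) can be checked on disk. The following is an added example, not code from SquareX or Google; the allowlists are placeholders, and the `account_info` and `extensions.settings` keys in Chrome's per-profile `Preferences` file are assumptions about that file's layout.

```python
import json
import sys
from pathlib import Path

# Assumptions (not from the article): both allowlists, and that Chrome's
# per-profile "Preferences" JSON lists signed-in accounts under "account_info"
# and installed extensions under "extensions" -> "settings".
ALLOWED_DOMAINS = {"example.com"}
APPROVED_EXTENSIONS = {"a" * 32}  # constructed placeholder extension ID


def unexpected_accounts(prefs, allowed=ALLOWED_DOMAINS):
    """Signed-in account e-mails whose domain is outside the allowlist."""
    found = []
    for acct in prefs.get("account_info", []):
        email = str(acct.get("email", "")).lower()
        if email and email.rpartition("@")[2] not in allowed:
            found.append(email)
    return found


def unapproved_extensions(prefs, approved=APPROVED_EXTENSIONS):
    """(id, name) pairs for installed extensions that nobody has reviewed."""
    settings = prefs.get("extensions", {}).get("settings", {})
    return sorted(
        (ext_id, info.get("manifest", {}).get("name", "?"))
        for ext_id, info in settings.items()
        if ext_id not in approved
    )


def audit_user_data_dir(user_data_dir):
    """Audit every profile folder (Default, Profile 1, ...) in the directory."""
    report = {}
    for pref_file in sorted(Path(user_data_dir).glob("*/Preferences")):
        try:
            prefs = json.loads(pref_file.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt profile: skip it, keep sweeping
        accounts = unexpected_accounts(prefs)
        extensions = unapproved_extensions(prefs)
        if accounts or extensions:
            report[pref_file.parent.name] = {
                "accounts": accounts, "extensions": extensions}
    return report


if __name__ == "__main__" and len(sys.argv) > 1:
    print(json.dumps(audit_user_data_dir(sys.argv[1]), indent=2))
```

Run it with the path to a Chrome user data directory as the only argument. The first run lists every extension that is not yet on the allowlist, so review the output and add the ones you accept.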
The discovery highlights growing security concerns around browser extensions and emphasizes the need for users to carefully evaluate what software they install, regardless of the source.