Syncjacking Jacks Up Chrome Browsers
March 18, 2025
Google Chrome just can’t catch a break. Unfortunately, it’s in the cybersecurity news again, this time for a new attack that SquareX, the company that describes it, refers to as “browser syncjacking.” It involves something we’ve been warning about over the years: browser extensions. If you extend Chrome with this one, you will send all your saved browser data, including your passwords, to attackers and let them take over your Chrome profile. But wait! As you may have guessed, yes, there is more! This extension also allows the attackers to take over the entire device.
For this attack, social engineering is the primary tactic. The user is convinced to download the extension. Typically, this is done via phishing. The user is convinced that the extension is a helpful tool. In the example from SquareX, Zoom is used. The attackers send the users to an official, but modified, webpage that urges an update to be installed. While an extension is downloaded, it also comes with an executable file riding piggyback. That file loads a file from the attacker’s Google Workspace. At some point, the victim is asked to “sync” their profile.

That’s when the dirty deeds begin. The attackers then have control and can send commands to the device. This can, of course, allow them to steal passwords and cryptocurrency wallets, take screenshots, control the webcam…the possibilities are endless.
This is why downloading browser extensions is strongly discouraged. If you don’t need it, don’t download it. In fact, go into your browsers now and deactivate extensions you don’t use. If you’re not sure, shut them off and find out if you need them. If not, uninstall them. This goes for any and all browsers you use.
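To support the extension review recommended above, here is an added example (not from SquareX or the original article) that lists every extension unpacked in a Chrome profile and marks those requesting broad permissions. The function name and the `BROAD` set are assumptions chosen for illustration.

```python
import json
import sys
from pathlib import Path

# Assumption: permissions picked here as worth a second look; not a list from the article.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*",
         "cookies", "webRequest", "nativeMessaging", "debugger",
         "management", "history", "tabs"}


def audit_extensions(profile_dir):
    """Return one record per extension version found in a Chrome profile.

    Chrome unpacks extensions to <profile>/Extensions/<id>/<version>/manifest.json.
    """
    records = []
    ext_root = Path(profile_dir) / "Extensions"
    for manifest_path in sorted(ext_root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = None  # unreadable or corrupt manifest: report it, do not skip it
        requested = set()
        if isinstance(manifest, dict):
            for key in ("permissions", "optional_permissions", "host_permissions"):
                requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
            for script in manifest.get("content_scripts", []):
                if isinstance(script, dict):
                    requested.update(script.get("matches", []))
        readable = isinstance(manifest, dict)
        records.append({
            "id": manifest_path.parent.parent.name,
            "version": manifest_path.parent.name,
            # Names like __MSG_appName__ are localized; match the id in chrome://extensions.
            "name": manifest.get("name", "?") if readable else "<unreadable manifest>",
            "broad": sorted(requested & BROAD),
        })
    return records


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_extensions.py <profile folder>")
    # The profile folder is shown as "Profile Path" on chrome://version.
    for rec in audit_extensions(sys.argv[1]):
        flag = ", ".join(rec["broad"]) or "-"
        print(f'{rec["id"]}  {rec["version"]:<12} {rec["name"]:<40} {flag}')
```

The output is an inventory to work through, not a verdict: an extension with nothing flagged can still be malicious, so anything you do not recognize or use should still be removed.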
Remember to keep your eye out for phishing too. While social engineering can come in many forms, phishing is the most common and most likely to be the delivery tool for this attack.