
New Browser “Syncjacking” Cyberattack Puts Millions at Risk
A new and highly concerning form of cyberattack, dubbed “syncjacking,” is targeting millions of users through popular browsers like Google Chrome, allowing hackers to hijack devices remotely and steal sensitive data. The attack exploits vulnerabilities within browser sync features, such as Chrome’s synchronization service, which stores and syncs user data, including bookmarks, passwords, and browsing history across devices.
How Syncjacking Works
Syncjacking involves tricking a victim’s browser into synchronizing with a malicious account controlled by attackers. The process begins when a user installs a compromised or fake Chrome extension. Once installed, the extension allows the attacker to hijack the victim’s synchronization data. From there, the hacker gains access to the user’s entire browsing environment, including potentially sensitive information stored in browser sync services. This gives attackers full control over the user’s browser, providing an opportunity to modify browsing sessions, harvest data, and even execute commands.
Critically, the malicious extension only requires read/write capabilities present in the majority of browser extensions on the Chrome Store, including common productivity tools like Grammarly, Calendly, and Loom. These permissions are routinely granted by users, often without much thought, desensitizing them to the risks. This revelation suggests that virtually any browser extension could potentially serve as an attack vector if created or taken over by an attacker. According to reports from BleepingComputer and Forbes, attackers can also use this access to remotely control the user’s device, making it an especially dangerous threat. Once attackers gain control, they can manipulate the synced data, deploy additional malware, or steal sensitive information, including login credentials. The sync mechanism in Chrome is designed to keep user data consistent across all devices, but the syncjacking technique exploits its ability to transfer control to unauthorized entities.
Scope of the Threat
Experts warn that millions of Google Chrome users are at risk. The problem affects users who rely on browser synchronization to seamlessly integrate their browsing experience across multiple devices. The malicious Chrome extensions used in these attacks can be installed without the user’s direct knowledge, often masquerading as legitimate software. In some cases, the threat actors gain access to cloud-based data, further compounding the risk.
SquareX, a security research group, has detailed the mechanics of the attack and pointed out the significant dangers it poses to individuals and organizations. “Syncjacking allows full browser and device control, which can lead to severe security breaches,” said a researcher from SquareX, noting that the attack is particularly concerning for enterprises with high-value data.
Google’s Response
Google has acknowledged the emerging threat, but no permanent solution has been rolled out yet. The tech giant has advised users to carefully vet extensions before installing them and to regularly monitor their accounts for suspicious activity. Google has also been blocking malicious apps as part of its ongoing effort to mitigate security risks across its ecosystem.
While Google is taking steps to improve its defenses, security experts stress that the nature of this attack makes it difficult to entirely eliminate without a major overhaul of how browser sync services are designed. In the meantime, experts recommend that users disable browser syncing when it is not absolutely necessary and ensure that all installed extensions come from verified sources.
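One way to carry out the extension vetting recommended above is to list which installed extensions can read and modify pages on every site. The following is an added example, not code from SquareX, Google, or the original article. It assumes that the "read/write capabilities" mentioned earlier correspond to all-site host access in an extension's manifest.json, and that extensions are unpacked on disk as <extension id>/<version>/manifest.json. The sample manifests are constructed.

```python
import json
from pathlib import Path

# Chrome match patterns that cover every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_page_access(manifest: dict) -> list[str]:
    """List the manifest entries that grant read/write access to pages on all sites."""
    reasons = []
    # Manifest V2 puts host patterns in "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "host_permissions"):
        for entry in manifest.get(key, []):
            if isinstance(entry, str) and entry in BROAD:
                reasons.append(f"{key}: {entry}")
    # Content scripts run inside matching pages and can read and rewrite the DOM.
    for i, script in enumerate(manifest.get("content_scripts", [])):
        for pattern in script.get("matches", []):
            if pattern in BROAD:
                reasons.append(f"content_scripts[{i}].matches: {pattern}")
    return reasons

def audit_profile(extensions_dir: Path) -> dict[str, list[str]]:
    """Scan <extensions_dir>/<extension id>/<version>/manifest.json files."""
    flagged = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        ext_id = path.parts[-3]
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            flagged[ext_id] = ["manifest could not be parsed"]
            continue
        reasons = broad_page_access(manifest) if isinstance(manifest, dict) else []
        if reasons:
            flagged[ext_id] = reasons
    return flagged

# Constructed sample manifests (not real extensions).
SAMPLES = {
    "grammar-helper": {"manifest_version": 3, "permissions": ["storage"],
                       "host_permissions": ["<all_urls>"]},
    "old-toolbar": {"manifest_version": 2, "permissions": ["tabs", "*://*/*"],
                    "content_scripts": [{"matches": ["https://*/*"], "js": ["c.js"]}]},
    "single-site": {"manifest_version": 3,
                    "host_permissions": ["https://calendar.example.com/*"]},
}

if __name__ == "__main__":
    for name, manifest in SAMPLES.items():
        print(name, broad_page_access(manifest) or "no all-site access")
```

A flagged extension is not necessarily malicious; the output is a shortlist of extensions whose publisher and update history deserve the closest review.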
Syncjacking represents a serious new threat to browser security, with millions of users vulnerable to remote device hijacking through malicious Chrome extensions. As the attack continues to evolve, users are urged to stay vigilant and exercise caution when installing new extensions or enabling sync features. The need for greater browser security is clear, as this attack method demonstrates how easily cybercriminals can exploit seemingly innocuous services for malicious purposes.
Source: https://devops.com/squarex-discloses-browser-syncjacking-a-new-attack-technique-that-provides-full-browser-and-device-control-putting-millions-at-risk/