A dangerous new cyberattack method called "browser syncjacking" allows hackers to gain complete control of victims' computers through malicious Google Chrome extensions, according to cybersecurity firm SquareX.
The attack begins when users install what appears to be a legitimate Chrome extension from the official store. While the extension works as advertised, it secretly connects to a hacker-controlled Google Workspace profile in the background.
Users are then directed to an authentic-looking Google support page that prompts them to sync their browser profile. By agreeing to sync, victims unknowingly send their sensitive browser data - including saved passwords, browsing history, and autofill information - directly to the attacker.
But the attack doesn't stop at data theft. Hackers can push fake software updates that install malicious code, giving them access to victims' Google Drive, clipboard contents, and emails. Through Chrome's Native Messaging protocol, attackers can establish direct control over the target computer.
Once full device access is achieved, hackers can:
- Access all computer files and settings
- Create system backdoors
- Steal passwords and cryptocurrency wallets
- Control webcams
- Record audio
- Capture screenshots
- Monitor all device inputs
The attack is particularly dangerous because it appears completely legitimate to average users, operating through official Chrome features and legitimate-looking prompts.
Security experts recommend carefully vetting Chrome extensions before installation and only using trusted, well-reviewed tools from known developers. Users should also be extremely cautious about any browser sync requests or software update prompts, even if they appear to come from legitimate sources.
This new threat highlights growing security concerns around browser extensions and emphasizes the need for heightened user awareness when installing browser add-ons.