Chrome new malicious plug-in leaked, steal user data from a security company

Croatian security researcher Bojan Zdrnja said on Thursday that he recently discovered a new malicious Chrome extension that abuses the Chrome sync function and uses it to communicate with a remote command and control (C&C) server And then steal data from the infected browser.

Zdrnja said that the extension is a security plug-in from the security company Forcepoint, which contains malicious code that abuses the Chrome synchronization feature, allowing attackers to control the infected browser.

The Chrome sync function is a useful feature of the Chrome browser. It can store a copy of the user’s Chrome bookmarks, browsing history, passwords, and extension settings on Google’s cloud server.

Join Our RealMi Central Channel On Telegram

Zdrnja said that the malicious code found in the extension showed that an attacker could use a malicious add-on to create a text-based field to store the token key, and then synchronize it to Google cloud servers as part of the synchronization function.

In this way, the extension can be used as a penetration channel for attacking the corporate internal network from the browser side.

If you like our news and you want to see such news even further, then follow RealMi Central on Telegram, Twitter, Facebook (Page) (Group) & Instagram.

Leave a Comment