A Malicious Google Chrome Extension Has Been Discovered

An add-on was detected trying to abuse the synchronization feature in Google Chrome, the world’s most used internet browser. Thanks to this plugin, users’ data can be stolen.

It is one of the features that Google Chrome offers to its users. synchronizationAllows copying of Chrome browser’s history, bookmarks, password, browser and plugin settings after logging into Google account.

This feature ensures synchronization of data between the user and the user’s devices. In this way, no matter what device the user uses Chrome It can easily access all of its data from its application. Of course, as you can imagine, attackers have emerged who can take advantage of this situation.

Attackers taking advantage of the Chrome sync feature

google chrome malicious plugin

Chrome sync Realizing that they can take advantage of the feature, attackers use this feature to send commands and steal data to browsers that are already weakened. Thanks to the Chrome extensions created, they can bypass firewalls.

According to the news in Digital Information World, Bojan Zdrnja, a security consultant, discovered a malicious Chrome extension. This add-on, Chrome sync feature, To extract data from weakened browsers forcing the command and control servers to communicate.

The attacker downloaded the plug-in to the Chrome browser on the victim’s computer and installed it through Developer Mode. He could do this because he could take control over the computer. This plugin contained code that abused the Chrome sync feature. Thanks to these codes, the user was able to gain control over his browser and cloud storage.


Google Released Update Closing A Vulnerability in Chrome

To gain full control over the synchronized data, the attacker had to log into the same Google account on another device with Chrome. In fact, Google took precautions against such plugins and removed many plugins from the store. However, this plugin could be stuck with the difference in working logic. Zdrnja, he identified these activities last week Reported to Google.

Source :