Google is working to convince users that Chrome is safe and secure to use browser Three latest information of security In spite of one in just three weeks The decision of the surprise To open a new enterprise web store to help prevent security risk Maliciously -based extensionNew research has just revealed that any chrome browser extension can be used to compromise with your device. Here you need to know.

ForbesHackers are using Google to steal Microsoft Passwords

Chrome Browser Extension Security Issue

As I Reported on December 29Hackers were continuing, using the extension of the compromised chrome browser to ignore the two -element verification concerns. At least 35 companies had replaced their chrome extensions, replacing a malicious version, which showed some sophistication and access to hacking campaign. At that time, the Google Chrome security team said that consumers were protected in different ways, in which a personal summary of all installed expanses, strict review policies before the extension was published, and then their continuous Monitoring is also included. “If the team knows that Extension Chrome is in serious danger for consumers,” Google said, “Google said, it has been immediately removed from the Chrome web store, and all the browsers who install it On the extension becomes inactive. “

Now, Researchers at Skyrics Labs It has confirmed that “a full browser and device take over from the browser expansion”, and not only maliciously based. The hack “just requires basic reading/writing abilities in most expansion,” which “puts an extended user at risk of browser harmony.”

Chrome Extension Sancinging Occupation Procedure

Chrome browser harmony attacks are found in three stages: profile, browser and device hijacking. But we initially start preparing for the attack. This requires registering a domain in the Google Work space account before the hacker and then disabling 2 FA reservations. Then a functional web browser extension is produced and published on the Chrome store, which will later be used to recover these profile credentials. The expansion is pushed to the affected person using any of the current thousands of fashing techniques. Researchers said, “Seeing that the basic reading/writing capabilities are available for more popular expansion,” the researchers said, “Installs the affected extension,” assuming that it is safe. He added, “Over time, the presence of expansion becomes in the background when the victim returns to its daily routine.”

At some point in the near future, the extension is linked to the first registered domain, captures the credentials, and completes the measures to log in to one of the pre -created accounts. The result here is that the user is now linked to the attacker’s profile, which enables them to disable security measures to make the browser more open to attack. From here things are really interesting.

Researchers said, “The attacker opens the Chrome’s legitimate support page on synchronization, and uses malicious expanses to edit the content on the page, and agree to complete the victim’s synchronization “” And, Boom: All locally stored data, which includes chrome password and browsing history, is now uploaded to the hacker -controlled account. But it gets worse, researchers said, “The next step involves turning the entire browser into a systematic browser under the invader.” It finally before handling the entire device.

ForbesFBI’s new warning – as long as the attacks continue

Chrome reducing attacks attacks

The Squares Labs report warns that the browser’s synchronization attack is particularly dangerous, as it has previously been reported that the need for a widespread social engineering in contrast to the previously reported expansion attacks Happens, “Opponents just need minimal permission and a small social engineering move, which does not require nearly consumer dialogue to carry out the attack. To reduce attacks , Skyrikes recommends the use of a local solution from a browser that understands each extension run -time behavior, as it operates fully in the Chrome extension browser and identified it by allowing or not by the sites involved. I can reach Google for a statement.



Source link