New Syncjacking attack hijacks devices using Chrome extensions www.bleepingcomputer.com/news/secu…

A new attack called ‘Browser Syncjacking’ demonstrates the possibility of using a seemingly benign Chrome extension to take over a victim’s device.

The new attack method, discovered by security researchers at SquareX, involves several steps, including Google profile hijacking, browser hijacking, and, eventually, device takeover.

Despite the multi-stage process, the attack is stealthy, requires minimal permissions, and almost no victim interaction other than to install what appears to be a legitimate Chrome extension.