SquareX, a leading cybersecurity company based in Palo Alto, California, has unveiled a new attack technique showing how malicious browser extensions can lead to complete hijacking of devices. The research, conducted by SquareX researchers Dakshitaa Babu, Arpit Gupta, Sunkugari Tejeswara Reddy, and Pankaj Sharma, sheds light on the dangers posed by unauthorized extensions that can exploit read/write capabilities to take control of browsers and devices.
The attack, known as browser syncjacking, comprises three main stages: profile hijacking, browser takeover, and device hijacking. In the profile hijacking phase, the attacker tricks an employee into installing a seemingly harmless browser extension, which then gains access to the victim’s Chrome profile managed by the attacker. With this illicit access, the attacker can manipulate browser settings and push automated policies without the victim’s knowledge.
To escalate the attack further, the malicious extension can deceive the victim into syncing their profile, thereby granting the attacker access to stored credentials and browsing history. This stage of the attack highlights the cunning use of social engineering to exploit trusted websites and extract sensitive information undetected.
In the next phase, browser takeover, the attacker converts the victim’s Chrome browser into a managed browser through the installation of a malicious executable disguised as a legitimate download. This manipulation allows the attacker to disable security features, install additional malware, and redirect the victim to phishing sites, all without raising suspicion.
The final stage, device hijacking, involves inserting registry entries that enable the extension to interact with local applications, giving the attacker full control over the device’s functions. This level of access allows the attacker to remotely activate the device camera, capture audio, record screens, and install malicious software, posing a severe threat to the victim’s privacy and data security.
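A defender can check endpoints for the two artifacts the browser takeover and device hijacking stages leave behind: an unexpected Chrome management enrollment and unapproved native messaging host registrations. The sketch below is an added example, not SquareX's code; it parses `reg export` text, the key paths are Chrome's documented Windows locations rather than names from the article, and the sample export and allow-list are constructed.

```python
import re

# Chrome's documented Windows registry locations (not named in the article).
POLICY_KEY = r"\policies\google\chrome"
NMH_KEY = r"\google\chrome\nativemessaginghosts"
ENROLL_VALUE = "cloudmanagementenrollmenttoken"

# Constructed sample in `reg export` text form; every value here is made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"CloudManagementEnrollmentToken"="00000000-example-token"

[HKEY_CURRENT_USER\Software\Google\Chrome\NativeMessagingHosts\com.example.helper]
@="C:\\Users\\alice\\AppData\\Local\\Temp\\helper.json"

[HKEY_CURRENT_USER\Software\Google\Chrome\NativeMessagingHosts\com.corp.sso]
@="C:\\Program Files\\CorpSSO\\manifest.json"
'''

def parse_export(text):
    """Yield (key, value_name, data); '@' is the key's default value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            name = m.group(1).strip('"')
            yield key, name, m.group(2).strip('"').replace("\\\\", "\\")

def audit(text, approved_hosts=frozenset(), expect_managed=False):
    """Flag enrollment on an unmanaged machine and hosts outside the allow-list."""
    findings = []
    for key, name, data in parse_export(text):
        lowered = key.lower()
        if lowered.endswith(POLICY_KEY) and name.lower() == ENROLL_VALUE and not expect_managed:
            findings.append(("unexpected-enrollment", key, data))
        elif NMH_KEY + "\\" in lowered and name == "@":
            host = key.rsplit("\\", 1)[1]
            if host.lower() not in approved_hosts:
                findings.append(("unapproved-native-host", host, data))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT, approved_hosts={"com.corp.sso"}):
        print(finding)
```

Real `reg export` files are UTF-16, so decode them before passing the text in; the allow-list should hold the native messaging host names your organization actually deploys.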
SquareX’s groundbreaking research has underscored the inherent vulnerabilities in browser extensions and the urgent need for enhanced security measures. The company’s founder, Vivek Ramachandran, emphasizes the critical importance of addressing these sophisticated browser-based attacks with a proactive and innovative approach. By developing a Browser Detection-Response solution, SquareX aims to provide enterprises with the necessary tools to combat advanced extension-based threats effectively.
The implications of the browser syncjacking attack are far-reaching, as it exposes a significant blind spot in enterprise security systems. Without proper visibility and control at the browser level, organizations are at risk of falling victim to stealthy attacks that exploit user trust and minimal permissions. SquareX’s research represents a crucial step towards enhancing cybersecurity measures and safeguarding against evolving threats in the digital landscape.
For more information on SquareX and their cutting-edge research on browser extensions, please visit sqrx.com/research.