Google Chrome Sync Feature Can Be Abused For C&C and Data Exfiltration (zdnet.com)
Threat actors have discovered they can abuse the Google Chrome sync feature to send commands to infected browsers and steal data from infected systems, bypassing traditional firewalls and other network defenses. From a report: For non-Chrome users, Chrome sync is a feature of the Chrome web browser that stores copies of a user's Chrome bookmarks, browsing history, passwords, and browser and extension settings on Google's cloud servers. The feature is used to sync these details between a user's different devices, so the user always has access to their most recent Chrome data wherever they go. Bojan Zdrnja, a Croatian security researcher, said on Thursday that during a recent incident response, he discovered that a malicious Chrome extension was abusing the Chrome sync feature as a way to communicate with a remote command and control (C&C) server and as a way to exfiltrate data from infected browsers. Zdrnja said that in the incident he investigated, attackers gained access to a victim's computer, but because the data they wanted to steal was inside an employee's portal, they downloaded a Chrome extension on the user's computer and loaded it via the browser's Developer Mode.
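A defender's triage check for the scenario in the summary, as an added example that is not part of the Slashdot post or the cited report: it walks a Chrome profile's parsed `Preferences` JSON and lists extensions that were loaded from a local folder rather than installed from a store or by policy, noting whether each one requests the `storage` permission. It assumes the Chromium profile layout (`extensions.settings`, with `location` 4 for unpacked and 8 for command-line loads); the function names and all sample data are constructed for illustration.

```python
import json
from pathlib import Path

# Chromium Manifest::Location values that mean "loaded from a local folder"
# (assumed from Chromium's profile format, not stated on this page).
LOCAL_LOAD = {4: "unpacked (Developer Mode)", 8: "command line (--load-extension)"}


def read_manifest(ext_dir):
    """Unpacked extensions keep manifest.json on disk, not in Preferences."""
    try:
        return json.loads(Path(ext_dir, "manifest.json").read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return {}


def find_sideloaded(prefs, manifest_reader=read_manifest):
    """Return one finding per extension that was loaded from a local folder."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in settings.items():
        how = LOCAL_LOAD.get(entry.get("location"))
        if how is None:
            continue  # store, policy or component install: out of scope here
        manifest = entry.get("manifest") or manifest_reader(entry.get("path", ""))
        perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
        findings.append({
            "id": ext_id,
            "loaded_via": how,
            "path": entry.get("path", ""),
            "name": manifest.get("name", "<manifest unreadable>"),
            # "storage" gates chrome.storage, including its synced area
            "can_use_sync_storage": "storage" in perms,
        })
    return findings


# Constructed sample data: IDs, paths and names are made up for illustration.
SAMPLE_PREFS = {"extensions": {"settings": {
    "a" * 32: {"location": 1, "path": "a" * 32 + "/1.0_0",
               "manifest": {"name": "Store extension", "permissions": ["storage"]}},
    "b" * 32: {"location": 4, "path": "/tmp/example-unpacked"},
}}}
SAMPLE_MANIFESTS = {"/tmp/example-unpacked":
                    {"name": "Example helper", "permissions": ["storage", "tabs"]}}

if __name__ == "__main__":
    for f in find_sideloaded(SAMPLE_PREFS, lambda p: SAMPLE_MANIFESTS.get(p, {})):
        print(json.dumps(f))
```

On a managed fleet, any hit from this check on a non-developer workstation is worth a look regardless of the permissions it lists.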
Google Chrome sync feature can be abused for C& (Score:5, Funny)
What do you mean? The original C&C, C&C: Tiberian Sun, C&C: Renegade, C&C 3: Tiberium Wars or C&C 4: Tiberian Twilight?
Re:Google Chrome sync feature can be abused for C& (Score:2)
Typical Slashdot... it lets me enter "Google Chrome sync feature can be abused for C&C" in the title but proceeds to cut off the last letter when I click on submit.
Re:Google Chrome sync feature can be abused for C& (Score:2)
> What do you mean? The original C&C, C&C: Tiberian Sun, C&C: Renegade, C&C 3: Tiberium Wars or C&C 4: Tiberian Twilight?
C&C Music Factory
EVERYBODY DANCE NOW!
Re:Google Chrome sync feature can be abused for C& (Score:2)
Forgot about C&C Generals?
Re:Google Chrome sync feature can be abused for C& (Score:3)
> What do you mean? The original C&C, C&C: Tiberian Sun, C&C: Renegade, C&C 3: Tiberium Wars or C&C 4: Tiberian Twilight?
Given the nature of the situation, wouldn't you say that it's C&C: Red Alert?
Music Factory! (Score:2)
https://en.wikipedia.org/wiki/... [wikipedia.org] ;)
Bojan Zdrnja's ISC Blog Post (Score:4, Informative)
Matter of Time (Score:1)
It was only a matter of time. All these "in the cloud" password managers are the best way to get everybody's passwords. Who would have thought.
Re: (Score:3)
> Who would have thought.
That a browser extension, installed locally in developer mode, would have elevated privileges.
There will be a sandbox escape at some point that attacks browser password stores, but this isn't it.
That "High Alert" screen could be a clue (Score:2)
Further, Chrome includes a warning page when an extension requests permission to access things. Different versions of the page for different permissions. In this case it probably would have been the "High Alert" page with an exclamation point in a red circle, titled "High Alert". It then explains that the extension is requesting permission to modify all of your web pages, access passwords, whatever. (There are about a dozen different permissions and it lists which of those the extension is requesting).
Tha
Surprised it took this long... (Score:2)
So, working as expected? (Score:3)
Note the only vulnerability is allowing non-Google extensions to do this
Writing (Score:2)
> For non-Chrome users, Chrome sync is a feature of the Chrome web browser
Chrome sync is obviously not a feature for non-Chrome users. This writing sucks.