Google Chrome Sync Feature Can Be Abused For C&C and Data Exfiltration

Threat actors have discovered they can abuse the Google Chrome sync feature to send commands to infected browsers and steal data from infected systems, bypassing traditional firewalls and other network defenses. From a report: For non-Chrome users, Chrome sync is a feature of the Chrome web browser that stores copies of a user's Chrome bookmarks, browsing history, passwords, and browser and extension settings on Google's cloud servers. The feature is used to sync these details between a user's different devices, so the user always has access to his most recent Chrome data wherever they go. Bojan Zdrnja, a Croatian security researcher, said on Thursday that during a recent incident response, he discovered that a malicious Chrome extension was abusing the Chrome sync feature as a way to communicate with a remote command and control (C&C) server and as a way to exfiltrate data from infected browsers. Zdrnja said that in the incident he investigated, attackers gained access to a victim's computer, but because the data they wanted to steal was inside an employee's portal, they downloaded a Chrome extension on the user's computer and loaded it via the browser's Developer Mode.

Read more of this story at Slashdot.