This feature allows attackers to covertly steal data from organizations’ systems and deploy malware.
The new attack vector was discovered by David Prefer, a SANS Institute of Technology researcher who studied browser features that hackers could abuse to steal data and deploy malware. Prefer called his discovery “bruggling” (a combination of the words browser and smuggling) and named his demonstration exploit, written in PowerShell, Brugglemark.
The researcher found that the bookmark synchronization function can be used in attacks. With its help, attackers can quietly steal data from organizations’ systems and install malware, with little risk of being detected.
To carry out an attack, a hacker must first gain access to the victim’s system, collect all the necessary data, and convert it into a form that can be saved as bookmarks. The attacker must then create his own profile in the browser or use stolen credentials from the victim’s browser account.
Immediately after that, the bookmarks are synchronized and the hacker has access to them on his own device. Prefer believes that this method also allows malware to be copied to the victim’s system by synchronizing malicious bookmarks that are already on the attacker’s device.
This attack vector cannot be detected by antivirus software and security systems. In addition, it works in the Chrome, Opera, Edge and Brave browsers.
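An audit heuristic for the encoding step described above, added here as an example and not taken from Prefer's research or from Brugglemark: it walks a Chromium-style profile `Bookmarks` JSON file and flags entries whose name or URL is oversized or contains a long, high-entropy encoded run. The file layout (roots, folders, children with `type`, `name`, `url`), the thresholds and the sample data are assumptions constructed for this example.

```python
import base64
import hashlib
import json
import math
import re
from collections import Counter

# Hypothetical thresholds (assumptions, not from the article); tune on real profiles.
MAX_FIELD_LEN = 2048  # ordinary names and URLs are far shorter
MIN_BLOB_LEN = 200    # shortest unbroken encoded run worth flagging
MIN_ENTROPY = 4.5     # bits per character; plain English is near 4
BLOB_RE = re.compile(r"[A-Za-z0-9+/=_-]{%d,}" % MIN_BLOB_LEN)

def entropy(text):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def walk(node, path=""):
    """Yield (folder_path, bookmark) for every URL entry below a node."""
    if node.get("type") == "url":
        yield path, node
    for child in node.get("children", []):
        yield from walk(child, path + "/" + node.get("name", ""))

def suspicious_bookmarks(bookmarks_json):
    """Return (folder, field, reason, length) for bookmarks that look like data carriers."""
    findings = []
    roots = json.loads(bookmarks_json).get("roots", {})
    for root in filter(lambda r: isinstance(r, dict), roots.values()):
        for path, bm in walk(root):
            for field in ("name", "url"):
                value = bm.get(field, "")
                blob = BLOB_RE.search(value)
                if len(value) > MAX_FIELD_LEN:
                    findings.append((path, field, "oversized", len(value)))
                elif blob and entropy(blob.group()) >= MIN_ENTROPY:
                    findings.append((path, field, "encoded-blob", len(value)))
    return findings

# Constructed sample: one ordinary bookmark and one carrying a base64 chunk.
CHUNK = base64.b64encode(b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))).decode()
SAMPLE = json.dumps({"roots": {"bookmark_bar": {"type": "folder", "name": "Bookmarks bar", "children": [
    {"type": "url", "name": "Example", "url": "https://example.com/docs"},
    {"type": "folder", "name": "tmp", "children": [
        {"type": "url", "name": CHUNK, "url": "https://example.com/0"}]}]}}})

if __name__ == "__main__":
    print(*suspicious_bookmarks(SAMPLE), sep="\n")
```

A hit is a lead for review rather than proof of misuse, since users do occasionally save very long URLs.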