SquareX Discloses “Browser Syncjacking” , a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk

SquareX researchers disclosed a high-impact attack called "browser syncjacking" in which malicious Chrome extensions (or hijacked legitimate ones) can silently authenticate victims into attacker-managed Google Workspace profiles, push policies, steal stored credentials, intercept and replace legitimate downloads with attacker executables that enroll the browser as managed, and use native messaging to attain full device takeover—exfiltrating data, enabling screen/camera capture, and persisting control. The attack requires minimal permissions and user interaction, evades traditional network and endpoint controls, and poses broad enterprise risk unless organizations implement browser-level visibility and controls.