"Chromium Browsers Allow Data Exfiltration via Bookmark Syncing"
Bookmark synchronization has become a standard feature in modern browsers as it allows Internet users to ensure that the changes they make to bookmarks on one device are reflected on all of their devices at the same time. However, the same useful browser functionality also provides cybercriminals with a convenient attack path. Bookmarks can be used to siphon off massive amounts of stolen data from an enterprise environment, or to sneak in attack tools and malicious payloads undetected. The discovery was made by David Prefer, an academic researcher at the SANS Technology Institute, as part of a larger investigation into how attackers can exploit browser functionality to smuggle data out of a compromised environment and perform other malicious functions. Prefer referred to the process as "bruggling" in a recent technical paper. It is a novel data exfiltration vector, which he demonstrated with a proof-of-concept (PoC) PowerShell script dubbed "Brugglemark." The synchronization process does not exploit any weaknesses or vulnerabilities. What Prefer focuses on is the ability to name bookmarks whatever you want and then synchronize them to other signed-in devices, as well as how that functionality can be twisted and misused in an unintended way. An adversary would already require access to the environment, either remote or physical, and would have infiltrated it and collected the data they wish to exfiltrate. They could then use stolen browser synchronization credentials from a legitimate user in the environment or create their own browser profile. Then they could access and save the data on another system where they have been synchronized, according to Prefer. The same technique could be used by an attacker to sneak malicious payloads and attack tools into a system. This article continues to discuss the bruggling technique for stealing data from a compromised environment.
Dark Reading reports "Chromium Browsers Allow Data Exfiltration via Bookmark Syncing"