Google Chrome is today the most important browser on the market. It is undoubtedly the most widely used and is present in all types of operating systems. So when we talk about a problem, an extension or a change in this browser, they can affect many users. Today we are talking about a test extension they have done to turn Chrome into a proxy bot . This could allow even a hacker to have full control with an extension.
Chrome extension turns browser into proxy bot
A security researcher has released a test extension for Chrome called CursedChrome . The objective is to be able to show how our browser can become a proxy. In this way it could be used by a possible hacker and navigate through a false user identity.
Specifically, this proof of concept has been carried out by security researcher Matthew Bryant. The CursedChrome extension is available on GitHub . The code is available to anyone who wants to and can take the test.
How does CursedChrome work? We can say that it has two parts . One of them is on the client side, which would be the extension itself. The other part would be on the server side, which would be a control panel where CursedChrome bots would report.
Basically upon installing this extension, a possible attacker from the other party could log in to the CursedChrome control panel and thus establish a connection to each infected host.
The link between the extension and the control panel is a simple WebSocket connection that works like a classic HTTP reverse proxy.
We can therefore say that once the attacker has managed to connect to an infected host , he could surf the Internet using that infected browser. It could hijack started sessions, steal the victim’s online identity, or make use of applications or pages.
Without a doubt a tool like CursedChrome is ideal for a hacker looking to use the network as if it were another user. In short, he could surf the Internet as if he were someone else.
Use existing tools
The security researcher who has designed CursedChrome has indicated that he has not contributed anything new. It ensures that all the tools used already existed. It could have been created by any attacker and carry out what we have mentioned.
What he mainly seeks with this is to create awareness among users. It seeks that we all know the importance of installing safe, reliable tools and not compromising our systems in any way.
It is when it comes to browsing, installing extensions and add-ons, one of the most important sources of malware and threats. There are many attacks that we can suffer simply by installing software that has been maliciously modified.
For this reason we want to remember the importance of installing extensions only from official sources. We must avoid those that we download from third party sites and that may put our security at risk. We leave you an article with the best privacy extensions for Chrome .
