Can Chrome sync be infected?

Generally, yes, it can. You can even find instructions about how to fix this problem.

More specifically, Chrome sync synchronizes (per the advanced sync settings of Chrome v.47):

  • Apps and extensions
  • Autofill information
  • Bookmarks
  • History
  • Passwords
  • Settings
  • Open tabs
  • Themes

If any of those can be maliciously manipulated, it will likely be spread by Chrome sync. Here's malicious activities that I can think of; I'm sure there are more:

  • Apps and extensions - Many, many ways to do bad stuff here. These can open windows, alter page contents, redirect pages, etc...
  • Autofill information - An attacker could try to have online orders shipped to the their address or fill in other information.
  • Bookmarks - Alter your bookmarks to go to attacker's site.
  • History - As this is used for completion, you can misdirect the user when typing an URL to go to the attacker's URL.
  • Passwords - Assuming you can only set passwords and not get them, all that I can think of is that an attacker could trick a user into logging into a site as the attacker. Presumably the user would enter confidential information or do something else that would be of value to the attacker.
  • Settings - You mention proxies. Therer's also the settings for the new tab and home pages. I'm sure there's more.
  • Open tabs - Open pages with malicious content or downloads on remote devices.
  • Themes - Can't think of much. Perhaps change the user's theme to lots of cats?

Destroying data in Chrome sync may also be a way to spread malicious activity. For example, just deleting all of a user's bookmarks could cause great pain for bookmark-heavy users.

While every piece of browser malware may not be applicable to being synced across instances, certainly there are many ways to do it.

Tags:

Synchronization

Chrome

Infection

Related

How does CORS prevent XSS? Are .dll files normally found in system32 but now in a user’s AppData folder always suspicious? Script / method to erase USB flash drive content after a certain number of uses Need to access old forgotten router that only supports SSLv3 How to manually disable the no contact card? Did KeePassX ever have an audit funding? Router being infected by malware What does the Juniper backdoor actually allow an attacker to do? XSS via JSON: Why does a web application not sanitize either its incoming params hash or its outgoing JSON values of malicious tags like Script? Should I be concerned that Google no longer trusts specific Symantec root CA cert that is also on my Windows system? How to defeat doubling up apostrophes to create SQLi attack? Phone call to try and gain access

Recent Posts