Threat leads have observed they can exploit the Google Chrome sync feature to deliver commands to infected browsers and seize information from infected systems, avoiding conventional firewalls and other network protection.
Bojan Zdrnja, a Croatian security researcher, found a malicious Chrome extension in the wild violating the Chrome Sync method to communicate with a remote command and control (C&C) server and as a way to exfiltrate information from infected browsers.
Also, Zdrnja said in a statement that the purpose of this particular attacker was to use the extension to manage information in an in-house web application that the victim had access to.
To Read More: ZDNet