The specialists of the information security company Proofpoint told about the possibility of hacking Gmail accounts using a browser extension.

The attackers sent phishing emails to victims with a link leading to a fake Adobe Flash Player update page designed to run JavaScript code on the attacked systems. This code would deliver the malicious FriarFox extension, but only if the link was opened by using Firefox.

Once installed, the extension granted attackers full control over the victim's Gmail. Attackers could search emails, archive messages, read emails, receive notifications, mark messages as spam, delete emails, refresh the inbox, forward emails, modify alerts in the browser, delete emails from the Trash folder and send messages.

FriarFox is a heavily altered version of the open source Gmail Notifier extension that gives attackers access to user data for all sites and allows them to view and change privacy settings, display notifications, and access the tabs opened in the browser.

Source: securitylab.ru