Cyberstalkers are increasingly exploiting a feature in Google Chrome, designed for user convenience, to gain unauthorized access to sensitive data, according to new research. The method allows malicious actors to potentially monitor browsing history and steal stored passwords.
Certo Software detailed in a blog post Tuesday how stalkers are leveraging Chrome’s sync functionality. This feature, intended to synchronize browsing data across multiple devices when a user logs into their Google account, can be misused if an abuser gains brief physical access to a victim’s phone.
How Cyberstalkers Exploit Chrome Sync
The technique involves an attacker signing into their own Google account on the victim’s phone while they have the Chrome application open. Once logged in, and with sync features enabled, the victim’s browsing activity and saved credentials can be transmitted and accessed remotely by the stalker.
Certo provided an anonymized example of a woman, referred to as Emma, who had used her phone to research legal aid and domestic violence resources. Her partner later revealed details she had looked up, despite her not installing any suspicious apps or noticing any changes to her device. The researchers explained that the partner had previously signed into his Google account on her phone during a moment when it was unattended, thereby enabling the tracking.
This method requires only a short period of unsupervised access to the target device. The simplicity of the attack, without requiring explicit installation of spyware, makes it particularly insidious.
The Rise of Exploiting Legitimate Features
Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, commented on the findings that this form of tech-enabled abuse highlights that not all digital stalking relies on dedicated stalkerware. This broader perspective is crucial for understanding the evolving tactics of abusers.
Certo Software suggests that Google could implement safeguards to mitigate this risk. Potential solutions include providing immediate notifications when a new account is added or sync is activated, or displaying a persistent visual indicator that clearly shows when sync is active and to which account it is connected.
Google did not immediately respond to requests for comment regarding Certo’s findings. However, the research suggests this rise in exploitation of Chrome’s sync feature may be a consequence of increased security measures making traditional spyware more difficult to deploy.
Certo co-founder Russell Kent-Payne stated that advancements in smartphone security, including regular updates and stricter app store policies, have made traditional spyware a less viable option for cyberstalkers. Consequently, abusers are turning to simpler, less detectable methods, such as misusing features already present and trusted on a victim’s device.
Google Chrome remains the world’s most widely used web browser, and its sync feature has previously been the subject of security discussions, underscoring the ongoing importance of robust privacy controls and user awareness.
Moving forward, users are advised to be vigilant about who has physical access to their devices and to regularly review their Google account activity and Chrome sync settings. The next expected step will likely be any response or action taken by Google concerning these identified vulnerabilities in Chrome sync.

