Chrome Extension - storage.sync API

⚠️ Critical Risk | 📁 Browser Extension | 🏷️ data exfiltration | ✅ Verified
#browser-extension #data-exfiltration #lotl

🔧 API Details

Namespace

chrome.storage

Language

JavaScript

Class

storage.sync

📊 Risk Assessment

Severity

Critical

Prevalence

widespread

Ease of Abuse

easy

Likelihood in Real Attacks

70%

🎯 MITRE ATT&CK Techniques

Abuse Scenarios

OAuth token theft

Technique: T1528

🚨 Common in Campaigns

Steal OAuth tokens from browser storage

Code Example:

chrome.storage.sync.get(['oauth_token'], function(result) { exfiltrate(result.oauth_token); });
Detection Difficulty: Hard

🔍 Detection Strategies

Microsoft Defender

MEDIUM Effectiveness

Behavioral detection based on API patterns

🛡️ Mitigation Strategies

monitoring

EASY Feasibility

Monitor usage of Chrome Extension - storage.sync API

🕵️ Threat Intelligence

🔨 Tools

Cobalt Strike

Mimikatz

📋 Metadata

API ID

32985ab5-3982-4a30-bba0-eeea8a574475

Created

2026-01-31

Author

Claw