Can Chrome sync be infected?
Generally, yes, it can. You can even find instructions about how to fix this problem.
More specifically, Chrome sync synchronizes (per the advanced sync settings of Chrome v.47):
- Apps and extensions
- Autofill information
- Bookmarks
- History
- Passwords
- Settings
- Open tabs
- Themes
If any of those can be maliciously manipulated, it will likely be spread by Chrome sync. Here are malicious activities that I can think of; I'm sure there are more:
- Apps and extensions - Many, many ways to do bad stuff here. These can open windows, alter page contents, redirect pages, etc...
- Autofill information - An attacker could try to have online orders shipped to their address or fill in other information.
- Bookmarks - Alter your bookmarks to go to attacker's site.
- History - As this is used for completion, you can misdirect the user when typing a URL to go to the attacker's URL.
- Passwords - Assuming you can only set passwords and not get them, all that I can think of is that an attacker could trick a user into logging into a site as the attacker. Presumably the user would enter confidential information or do something else that would be of value to the attacker.
- Settings - You mention proxies. There's also the settings for the new tab and home pages. I'm sure there's more.
- Open tabs - Open pages with malicious content or downloads on remote devices.
- Themes - Can't think of much. Perhaps change the user's theme to lots of cats?
Destroying data in Chrome sync may also be a way to spread malicious activity. For example, just deleting all of a user's bookmarks could cause great pain for bookmark-heavy users.
While every piece of browser malware may not be applicable to being synced across instances, certainly there are many ways to do it.
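
Added example, not part of the original answer: a defender-side check for the bookmark cases above (a bookmark silently pointed at a different host, or bookmarks wiped and the deletion synced everywhere). It compares two saved copies of a profile's `Bookmarks` file, assuming the JSON layout of a desktop Chrome profile (`roots` holding folder nodes with `children`, URL nodes with `name` and `url`); the function names, the 50% threshold and the sample data are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

def flatten(node, path=""):
    """Yield ('folder/path/title', url) for every URL node under a bookmark node."""
    here = f"{path}/{node.get('name', '')}"
    if node.get("type") == "url":
        yield here, node.get("url", "")
    for child in node.get("children", []):
        yield from flatten(child, here)

def load(bookmarks_json):
    """Map 'path/title' -> url across all roots (same-named siblings collapse to one)."""
    out = {}
    for root in json.loads(bookmarks_json).get("roots", {}).values():
        if isinstance(root, dict):  # skip non-folder metadata entries under "roots"
            out.update(flatten(root))
    return out

def diff(before_json, after_json, mass_delete_ratio=0.5):
    """Report bookmarks whose host changed, plus removals and additions."""
    before, after = load(before_json), load(after_json)
    retargeted = sorted(
        (key, before[key], after[key])
        for key in before.keys() & after.keys()
        if urlsplit(before[key]).hostname != urlsplit(after[key]).hostname)
    removed = sorted(before.keys() - after.keys())
    added = sorted(after.keys() - before.keys())
    # Assumed threshold: losing half or more of the old set is treated as a wipe.
    wiped = bool(before) and len(removed) / len(before) >= mass_delete_ratio
    return {"retargeted": retargeted, "removed": removed,
            "added": added, "mass_delete": wiped}

def sample(bank_url):
    """Constructed sample snapshot: three bookmarks on the bookmarks bar."""
    bar = [{"type": "url", "name": "Bank", "url": bank_url},
           {"type": "url", "name": "Mail", "url": "https://mail.example/"},
           {"type": "url", "name": "News", "url": "https://news.example/"}]
    return json.dumps({"roots": {
        "bookmark_bar": {"type": "folder", "name": "Bookmarks bar", "children": bar},
        "other": {"type": "folder", "name": "Other bookmarks", "children": []}}})

BEFORE = sample("https://bank.example/login")
AFTER = sample("https://bank.example.attacker.test/login")  # same title, new host

if __name__ == "__main__":
    print(json.dumps(diff(BEFORE, AFTER), indent=2))
```

Run it against a known-good backup and the current file on each synced device; a retargeted entry that appears on several devices at once points at sync as the carrier.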