Friday, 13 January 2023

A serious security vulnerability in Chrome could affect billions of users

Information security researchers have found a critical security vulnerability in Chrome and other browsers built on the Chromium project, which affects around 2.5 billion users worldwide.

Imperva researchers said the severity of the vulnerability lies in the fact that it allows hackers to steal users’ sensitive files, including the contents of cryptocurrency wallets and login credentials.

According to the researchers, the flaw lies in the way Chrome and other browsers based on the open-source Chromium project interact with so-called symbolic links in the file system.

The researchers explain that symbolic links (symlinks) are files that point to another file or directory, and that they allow the operating system to treat the linked file or directory as if it were at the symlink's location.

“These (symlinks) can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way,” explained the researchers in a post on the Imperva blog. But if these files are not handled properly, they can turn into a vulnerability that hackers can exploit.

Describing a possible attack scenario, the researchers said a hacker could set up a fake cryptocurrency wallet and a website asking users to download its recovery keys.

If the victim downloads these files, they could in fact be symbolic links to a sensitive file or folder on the user's computer. Because of the flaw in the browser’s handling of such files, this could lead to the theft of cryptocurrency wallets and credentials stored on the device.

The worst part, according to the researchers, is that the victim will be completely unaware that their sensitive data has been compromised, especially since many cryptocurrency wallets and other online services require users to download recovery keys to access their accounts.

“In the attack scenario described above, the attacker would take advantage of this common practice by providing the user with a zip file containing a symbolic link instead of physical recovery keys,” the researchers said.

The vulnerability is now tracked as CVE-2022-3656, and Google addressed it in Chrome version 108. Users are therefore advised to install the latest version of Chrome, or of their Chromium-based browser, before downloading any recovery keys.


The post A serious security vulnerability in Chrome could affect billions of users appeared first on Asume Tech.



from Technology - Asume Tech https://asumetech.com/a-serious-security-vulnerability-in-chrome-could-affect-billions-of-users/
