Cyber security : Google Chrome bug allows websites to secretly trash clipboard content 

Due to a "major" security issue found in the Google Chrome web browser and Chromium derivatives, malicious web pages could alter clipboard content without requiring user consent or interaction.

Which bug is it ?

According to developer Jeff Johnson, the bug is explained by a clipboard poisoning attack that was accidentally introduced in Chrome version 104. 

In the world of computing, a clipboard is a feature that allows you to store text or graphics that you want to duplicate or move around your computer. With a mouse click or the use of a directional key, the user can cause the website they are visiting to modify the contents of the clipboard.

This technical possibility (substituting clipboard data) exists in other browsers like Apple, Safari, Mozilla Firefox. But what makes the problem serious in Chrome is that it breaks the need for the user to copy content to the clipboard.

 

 

The catch is that it exposes users to cyber attacks. In a hypothetical attack scenario, an adversary could trick a victim into visiting a malicious landing page and rewrite the address of a crypto-currency wallet previously copied by the target with a wallet under their control, resulting in unauthorised fund transfers.

Alternatively, threat actors could overwrite the clipboard with a link to specially designed websites, leading victims to download dangerous software.

"While you are browsing a web page, the page may unknowingly delete the current contents of your system clipboard, which may have been valuable to you, and replace it with whatever the page wants, which could be dangerous for you the next time you paste," Johnson explained.

 

 

A possible way out

Google is already aware of the problem and a patch is expected to be released soon, given the severity of the flaw and the likelihood of abuse by malicious actors.

In the meantime, users are advised not to open web pages between cut/copy/paste actions and to check their clipboard before performing sensitive web operations, such as financial transactions.

Source : The Hacker News

Vanessa Ntoh

Les commentaires


Poster un commentaire