Scam Alert

Google Chrome Security Vulnerability Detected Could Lead To Crypto Wallet Stealing

Key Points:

  • Details of a recently identified and fixed vulnerability that affected over 2.5 billion users of Google Chrome and all Chromium-based browsers have been released by the cyber security researchers at Imperva Red Team.
  • The vulnerability, identified as CVE-2022-3656, enables remote attackers to obtain private user information, including login credentials for cloud service providers and information on digital wallets.
  • Researchers from Imperva identified the bug as SymStealer. The problem arises when an attacker uses the File System to access unauthorized files and get around software limitations.
Cyber ​​experts from Imperva Red Team have discovered that Google Chrome and other Chromium-based web browsers are vulnerable to malicious vulnerabilities.

Imperva’s cybersecurity specialists discovered a problem with how the roughly 2.5 billion users of Chrome and Chromium-based browsers interacted with file systems, more specifically, how browsers handle symlinks.

The vulnerability allows hackers to steal sensitive user files, such as login credentials and cryptocurrency wallet codes. The vulnerability is caused by a malfunction in the Chromium browser’s symlink processing.

According to Imperva, symlinks (also known as symbolic links) are files that point from a web browser to other files, known as directories.

“This can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way,” the researchers explained in a blog post.

This allows Chromium to treat connected files or directories as if they belonged to the file address itself.

The researchers found that the browser failed to check correctly to see if the symlink was referring to a location intended to be inaccessible, which means that if these files aren’t handled properly, they potentially present vulnerabilities.

A threat actor could construct a phony cryptocurrency wallet and a website that would ask users to obtain their recovery keys in order to launch an attack. A genuine symlink to a private file or folder on the user’s computer would be contained in the downloaded file. It’s possible that the file contains cloud provider login information or anything similar.

Experts have found that the Chromium browser does not determine whether the address of the file that the symlink navigates to is allowed to be accessed. The worst case scenario is that the victim would be utterly unaware that their private information has been hacked.

This vulnerability has a tracking code of CVE-2022-3656. This has been fixed by Google in the Chrome 108 update.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Recent Posts

Gate.io Launches USDE Financial Products with Annualized Returns of Up to 54%, Ushering in a High-Return Era for Stablecoin Investments

Nov 18th, Panama - Gate.io, a global leader in digital asset trading, has officially unveiled…

11 minutes ago

Bitdeer Convertible Notes Worth $360 Million Offered for Expansion Efforts

The Bitdeer convertible notes offer a 42.5% conversion premium, allowing conversion into cash with the…

40 minutes ago

Sui Foundation Enters into Strategic Partnership with Franklin Templeton Digital Assets

Grand Cayman, Cayman Islands, 22nd November 2024, Chainwire

1 hour ago

Best Cryptos to Invest in December 2024: Qubetics Surges Past $2.6M as Solana Records Big Whale Pump and Polkadot Aims for $6

Best Cryptos to Invest in December 2024: Qubetics surges past $2.6M, Solana’s whale pump ignites…

3 hours ago

Bitcoin Trader Turned $100M in His 20s—Now Reveals 5 Altcoins to Build a $50M Portfolio, With Memecoins Leading the Way!

As Bitcoin reaches unprecedented heights and the market surges, he's highlighting five altcoins poised for…

4 hours ago

Which Crypto Will Explode in the 2024-2025 Bull Run?

With the crypto market reaching new peaks, many are eager to discover digital currencies poised…

4 hours ago

This website uses cookies.