Key Points:
Imperva’s cybersecurity specialists discovered a problem with how the roughly 2.5 billion users of Chrome and Chromium-based browsers interacted with file systems, more specifically, how browsers handle symlinks.
The vulnerability allows hackers to steal sensitive user files, such as login credentials and cryptocurrency wallet codes. The vulnerability is caused by a malfunction in the Chromium browser’s symlink processing.
According to Imperva, symlinks (also known as symbolic links) are files that point from a web browser to other files, known as directories.
“This can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way,” the researchers explained in a blog post.
This allows Chromium to treat connected files or directories as if they belonged to the file address itself.
The researchers found that the browser failed to check correctly to see if the symlink was referring to a location intended to be inaccessible, which means that if these files aren’t handled properly, they potentially present vulnerabilities.
A threat actor could construct a phony cryptocurrency wallet and a website that would ask users to obtain their recovery keys in order to launch an attack. A genuine symlink to a private file or folder on the user’s computer would be contained in the downloaded file. It’s possible that the file contains cloud provider login information or anything similar.
Experts have found that the Chromium browser does not determine whether the address of the file that the symlink navigates to is allowed to be accessed. The worst case scenario is that the victim would be utterly unaware that their private information has been hacked.
This vulnerability has a tracking code of CVE-2022-3656. This has been fixed by Google in the Chrome 108 update.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Harold
Coincu News
While Aave finds itself in uncertain territory, a fresh face in the crypto scene, Qubetics…
Analysts push for a Dogecoin price surge to its $0.2288 yearly high while ETFSwap (ETFS)…
Discover the promising altcoin under $1 that may outperform XRP amid election volatility and market…
Campinas, Brazil, 5th November 2024, Chainwire
Terra Shuttle Bridge has now been closed, and all remaining LUNC and USTC tokens have…
Miami, Florida, 5th November 2024, Chainwire
This website uses cookies.