An “important” security issue in the Google Chrome web browser, as well as in Chromium-based alternatives, could allow malicious web pages to automatically overwrite the clipboard content when the user simply visits them, without requiring the user’s consent or interaction.
Yes, the Californian company’s browser is once again the protagonist of a problem: this time, however, it does not concern malicious extensions.
So what problems does this Google Chrome bug cause to the operating system?
It appears that the “direct” clipboard attack was introduced accidentally in version 104 of Chrome, according to developer Jeff Johnson.
Although the problem also exists in Apple Safari and Mozilla Firefox, what makes it serious in Chrome is that the requirement for a user gesture to copy content to the clipboard is somewhat “broken”, making it impossible to do a series of different “copy-paste” operations (as with the Windows capture tool, to give an idea).
As just mentioned, the actions the user must perform are nothing more than the classic “copy-paste”: this includes selecting a piece of text and pressing Control + C (or ⌘-C on macOS), or selecting “Copy” from the context menu.
“Therefore, an innocent gesture like clicking a link or pressing the arrow key to scroll down the page authorizes the website to overwrite the system clipboard,” Johnson points out.
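The gesture rule described above can be modelled as an audit over a page-event trace. This is an added example, not code from the article, from Johnson or from Chrome; the trace format, event names, origins and the one-second freshness window are all assumptions made for the illustration.

```javascript
// Added example: a model of the gesture rule, not Chrome's implementation.
// Event names and the trace format are hypothetical.
const COPY_ACTIONS = new Set(["copy", "cut"]); // Ctrl/⌘+C, Ctrl/⌘+X, context-menu Copy/Cut
const GESTURE_WINDOW_MS = 1000; // assumed freshness window for this model

// Classify each clipboard write by the most recent user gesture before it.
function auditClipboardWrites(trace) {
  const findings = [];
  let lastGesture = null;
  const ordered = [...trace].sort((a, b) => a.t - b.t);
  for (const ev of ordered) {
    if (ev.kind === "gesture") {
      lastGesture = ev;
      continue;
    }
    if (ev.kind !== "clipboard-write") continue;
    const fresh = lastGesture !== null && ev.t - lastGesture.t <= GESTURE_WINDOW_MS;
    let verdict = "no-gesture";
    if (fresh) {
      verdict = COPY_ACTIONS.has(lastGesture.action) ? "user-copy" : "unrelated-gesture";
    }
    findings.push({ t: ev.t, origin: ev.origin, verdict, gesture: fresh ? lastGesture.action : null });
  }
  return findings;
}

// Writes a reviewer should look at: anything not backed by an explicit copy/cut.
function suspiciousWrites(trace) {
  return auditClipboardWrites(trace).filter((f) => f.verdict !== "user-copy");
}

// Constructed sample trace (times in ms, origins are placeholders).
const SAMPLE_TRACE = [
  { t: 0, kind: "gesture", action: "copy", origin: "wallet.example" },
  { t: 5, kind: "clipboard-write", origin: "wallet.example" },
  { t: 4000, kind: "gesture", action: "keydown:ArrowDown", origin: "news.example" },
  { t: 4010, kind: "clipboard-write", origin: "news.example" },
  { t: 9000, kind: "clipboard-write", origin: "news.example" },
];

for (const f of auditClipboardWrites(SAMPLE_TRACE)) {
  console.log(`${f.t}ms ${f.origin} ${f.verdict}${f.gesture ? " (" + f.gesture + ")" : ""}`);
}
```

Only the first write follows an explicit copy; the second rides on an arrow-key press, which is the case Johnson describes, and the third has no recent gesture at all.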
The ability to replace clipboard data poses a security threat.
In a hypothetical attack scenario, a malicious hacker could lure a victim to visit a landing page that rewrites the address of a cryptocurrency wallet previously copied (with the right mouse button or CTRL + C) by the victim, resulting in an unauthorized transfer of funds.
Alternatively, cyber threat actors could overwrite the clipboard with a link to specially crafted websites, leading victims to download malicious software or perhaps taking them to a “fake login”.
“While you are browsing a web page, the page may, without your knowledge, delete the current contents of the system clipboard, which may be useful for you, and replace them with whatever the page wants [or rather, whoever runs it, ed.], which could be dangerous for you the next time you ‘paste’,” Johnson explained.
Google is already aware of this Google Chrome problem and a patch should be released shortly, given the severity of the flaw and the high probability of abuse by malicious people.
So how to defend yourself from this Google Chrome bug?
In the meantime, users are advised to refrain from opening web pages between a cut/copy and a paste action, and to verify their clipboard contents before performing sensitive web operations such as financial transactions (at least and especially among cryptocurrency users, as mentioned above).
If you want to be sure that the link you “paste” is right, paste it first into, for example, Windows Notepad (or the Mac and Linux equivalents); any text program (Microsoft Office, LibreOffice and so on) is fine.
Don’t panic: patches are on their way, released by Google with a new version of Chrome (105.0.5195.52/53/54) for Windows, macOS and Linux with fixes for 24 lines of code, 10 of which relate to use-after-free bugs in Network Service, WebSQL, PhoneHub, and others still more or less known.
It is the software that is at fault, not the operating system
Before anyone says “but I don’t use Winzozz” or “I use the Mac a lot”: it is not an operating system problem, but something inherent in Google Chrome, in the software, which fortunately is being resolved.
I leave a video showing what this bug looks like.