Google Chrome Users Security Risk: A cyber security firm said that users can be harmed by tampering with the symlink file. In case of cyber attack, your crypto wallet and other important information can be in the hands of hackers.
Google Chrome Security Issues: Be careful if you use Google Chrome to run the Internet . A report has claimed that 2.5 billion users around the world are at risk due to a flaw in Google's browser . While using the Internet, due to this flaw in Chrome's security, important data of the users can be stolen. This danger is so great that hackers can take advantage of it and steal all the money from the crypto wallet of the users.
According to cyber security firm Imperva Red, a vulnerability in Google Chrome and Chromium-based browsers has put the data of 2.5 billion users at risk. Sensitive files can be stolen from a threat called CVE-2022-3656. If this happens, information like cloud provider credentials and crypto wallet can be leaked.
This is how we came to know weakness
In a blog post, Imperva said that after reviewing the way browsers interact with the file system, it discovered common vulnerabilities, particularly those involving browser process symlinks. Imperva explained that a symlink or symbolic link is a type of file that points to another file or directory. It allows the operating system to use the linked file or directory.
Symlink threat
Symlink helps a lot in creating shortcuts, redirecting files or organizing files. However, if such links are not handled properly, then they can also create weakness. In case of Google Chrome, the symlink is not checked properly. Sensitive files can be stolen if the simling points to a location that is not intended to be accessed.
Chrome users will be cheated like this
The firm said that cyber attackers can create a fake website that provides a new crypto wallet. The website can then trick users into creating a new wallet by requesting them to recover the key. Basically this 'key' will be a zip file, which contains a symlink to a sensitive file or folder on the user's computer. As soon as the user unzips the 'recover key' and uploads it on the website, the symlink will be processed and the user's personal information can be accessed by the attacker.
What should Chrome users do?
Imperva said that it has informed Google about this and this deficiency has been completely removed in Chrome 108. Therefore users are advised to keep their software updated so that any such threat can be avoided.
No comments:
Post a Comment