
Google Chrome Bug Allows Sites to Silently Overwrite Clipboard Content

Google’s Chrome browser and Chromium-based alternatives could have a “major security flaw” that allows malicious web pages to overwrite clipboard content automatically, without any user interaction.

According to Jeff Johnson, the clipboard poisoning attack was accidentally introduced into Chrome version 104.

The problem is also present in Apple Safari and Mozilla Firefox. However, the issue is much more severe in Chrome, which does not require a user gesture to copy content to the clipboard.

Such gestures include selecting text and pressing Control+C (or ⌘-C on macOS) or choosing “Copy” in the context menu.

Johnson explained that a simple gesture, such as clicking on a link or pressing the arrow key to scroll down the page, gives the website permission to overwrite your system’s clipboard.

The security concern arises from the ability to replace clipboard data. An adversary could use a fake landing page to lure victims into visiting a malicious site, then replace a cryptocurrency wallet address the victim had previously copied with their own, leading to unauthorized fund transfers.

Threat actors may also overwrite the clipboard with links to specific websites, which could lead victims to download potentially dangerous software.

Johnson explained that while you navigate a web page, the site can, without your knowledge, erase the current contents of your system clipboard and replace them with anything it wants. This could be dangerous to you the next time you paste.

Google has already been notified of the problem and will release a patch soon. This is due to the severity of the flaws and the possibility of malicious actors exploiting them.

Users are advised to avoid opening web pages that contain cut/copy and paste actions. Before performing sensitive web operations such as financial transactions, it is a good idea to verify the contents of your clipboard.
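For site owners who want to check whether scripts running on their own pages write to the clipboard without a user gesture, the following is an added example, not code from Johnson or from this article. It assumes the browser's `navigator.clipboard.writeText` and `navigator.userActivation.isActive` APIs, neither of which is named in the article; `guardClipboardWrites` and `demo` are hypothetical names.

```javascript
// Wrap clipboard.writeText on a navigator-like object so that a write made
// while the page has no transient user activation is rejected and reported.
// Only writeText is covered. Any click or key press counts as activation, so
// this flags the fully gestureless case only. A browser without
// navigator.userActivation is treated as "no gesture" (fails closed).
function guardClipboardWrites(nav, report) {
  const clipboard = nav.clipboard;
  const original = clipboard.writeText;
  clipboard.writeText = function guardedWriteText(text) {
    const activation = nav.userActivation;
    if (!activation || !activation.isActive) {
      report({
        api: "clipboard.writeText",
        length: String(text).length, // log the size, not the content
        stack: new Error().stack,    // shows which script made the call
      });
      const err = new Error("clipboard write without user gesture");
      err.name = "NotAllowedError";
      return Promise.reject(err);
    }
    return original.call(clipboard, text);
  };
  // Return an undo function so the wrapper can be removed after an audit.
  return function restore() {
    clipboard.writeText = original;
  };
}

// Constructed stand-in for the browser objects, so the guard runs offline.
function demo() {
  const written = [];
  const blocked = [];
  const fakeNav = {
    userActivation: { isActive: false },
    clipboard: { writeText(t) { written.push(t); return Promise.resolve(); } },
  };
  guardClipboardWrites(fakeNav, (event) => blocked.push(event));
  // 1) Script writes while the user has not interacted: blocked and reported.
  fakeNav.clipboard.writeText("attacker-chosen text").catch(() => {});
  // 2) Same call after a user gesture: passed through to the real method.
  fakeNav.userActivation.isActive = true;
  fakeNav.clipboard.writeText("text the user copied");
  return { written, blocked };
}

// In a page under audit: guardClipboardWrites(navigator, console.warn);
```

The wrapper has to be installed before any third-party script runs, otherwise a script that already holds a reference to the original method bypasses it.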

The development comes as Google released a new version of Chrome (105.0.5195.52/53/54) for Windows, macOS, and Linux with fixes for 24 shortcomings, 10 of which relate to use-after-free bugs in Network Service, WebSQL, and PhoneHub, among others.
