{"id":638,"date":"2022-09-02T11:01:56","date_gmt":"2022-09-02T11:01:56","guid":{"rendered":"https:\/\/cybersecuritynest.com\/?p=638"},"modified":"2022-09-02T11:01:56","modified_gmt":"2022-09-02T11:01:56","slug":"google-chrome-bug-allows-sites-to-silently-overwrite-clipboard-content","status":"publish","type":"post","link":"https:\/\/cybersecuritynest.com\/?p=638","title":{"rendered":"Google Chrome Bug Allows Sites to Silently Overwrite Clipboard Content"},"content":{"rendered":"<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-large mash-center mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fcybersecuritynest.com%2F%3Fp%3D638\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Share&nbsp;on&nbsp;Facebook<\/span><\/a><a class=\"mashicon-twitter mash-large mash-center mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/cybersecuritynest.com\/?p=638&amp;via=CYBERSECNEST\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Tweet&nbsp;on&nbsp;Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-large mash-center mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe&nbsp;to&nbsp;Newsletter<\/span><\/a><div class=\"onoffswitch2 mash-large mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47--><p><span class=\"wordai-block rewrite-block enable-highlight\" data-id=\"9\">Google Chrome&#8217;s browser and Chromium-based alternatives could have a &#8220;major security flaw&#8221; that allows malicious web pages to overwrite clipboard content automatically without user interaction.<\/span><\/p>\n<p><span class=\"wordai-block rewrite-block enable-highlight\" data-id=\"3\">According to Jeff\u00a0 <a href=\"https:\/\/lapcatsoftware.com\/articles\/clipboard.html\" target=\"_blank\" rel=\"noopener\">Johnson<\/a>, the clipboard poisoning attack was accidentally introduced into Chrome version 104.<\/span><\/p>\n<p><span class=\"wordai-block rewrite-block enable-highlight\" data-id=\"5\">The problem is present in both Apple Safari and Mozilla Firefox. However, Chrome has a much more severe issue. Chrome does not require a user to gesture to copy content.<\/span><\/p>\n<p><span class=\"wordai-block rewrite-block enable-highlight\" data-id=\"6\">You can use gestures to select text by pressing Control+C (or MacOS -C) or choosing &#8220;Copy&#8221; in the context menu.<\/span><\/p>\n<p><span class=\"wordai-block rewrite-block enable-highlight\" data-id=\"8\">Johnson explained that a simple gesture such as clicking on a link, or pressing the arrow key for scrolling down the page, gives the website permission overwrite your system&#8217;s clipboard.<\/span><\/p>\n<p><span class=\"wordai-block rewrite-block enable-highlight\" data-id=\"2\">Security concerns arise from the ability to replace clipboard data.<\/span>\u00a0<span class=\"wordai-block rewrite-block enable-highlight\" data-id=\"11\">An adversary could use a fake landing page to lure victims into visiting a malicious site. They would then rewrite the address for a cryptocurrency wallet that was previously copied by the victim with their own, leading to unauthorized fund transfers.<\/span><\/p>\n<p><span class=\"wordai-block rewrite-block enable-highlight\" data-id=\"4\">Threat actors may also overwrite the clipboard by linking to specific websites. This could lead victims to download potentially dangerous software.<\/span><\/p>\n<p><span class=\"wordai-block rewrite-block enable-highlight\" data-id=\"12\">Johnson explained that while you navigate a web page, the site can, without you knowing, erase your current contents from your system clipboard and replace them by anything it wants. This could make you more dangerous the next time you paste.<\/span><\/p>\n<p><span class=\"wordai-block rewrite-block enable-highlight\" data-id=\"7\">Google has already been notified of the problem and will release a patch soon. This is due to the severity of the flaws and the possibility of malicious actors exploiting them.<\/span><\/p>\n<p><span class=\"wordai-block rewrite-block enable-highlight\" data-id=\"10\">Users are advised to avoid opening web pages that contain cut\/copy and past actions. Before performing sensitive web operations such as financial transactions, it is a good idea to verify your clipboard.<\/span><\/p>\n<p><span class=\"wordai-block rewrite-block enable-highlight\" data-id=\"1\">The development comes as Google released a new version of Chrome (105.0.5195.52\/53\/54) for Windows, macOS, and Linux with fixes for 24 shortcomings, 10 of which relate to use-after-free bugs in Network Service, WebSQL, WebSQL, PhoneHub, among others.<\/span><\/p>\n<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-large mash-center mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fcybersecuritynest.com%2F%3Fp%3D638\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Share&nbsp;on&nbsp;Facebook<\/span><\/a><a class=\"mashicon-twitter mash-large mash-center mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/cybersecuritynest.com\/?p=638&amp;via=CYBERSECNEST\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Tweet&nbsp;on&nbsp;Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-large mash-center mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe&nbsp;to&nbsp;Newsletter<\/span><\/a><div class=\"onoffswitch2 mash-large mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47-->","protected":false},"excerpt":{"rendered":"<p>Google Chrome&#8217;s browser and Chromium-based alternatives could have a &#8220;major security flaw&#8221; that allows malicious web pages to overwrite clipboard content automatically without user interaction. According to Jeff\u00a0 Johnson, the clipboard poisoning attack was accidentally introduced into Chrome version 104. The problem is present in both Apple Safari and Mozilla Firefox. However, Chrome has a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":639,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[10],"tags":[162],"class_list":["post-638","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vul-mal","tag-twitter"],"aioseo_notices":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/638"}],"collection":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=638"}],"version-history":[{"count":2,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/638\/revisions"}],"predecessor-version":[{"id":641,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/638\/revisions\/641"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/media\/639"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}