Information about a now-patched vulnerability in Google Chrome and Chromium-based browsers has come to light. This vulnerability might have allowed for the theft of files holding sensitive data if abused.
The problem was caused by the way symlinks were handled by the browser as it processed files and directories, according to Ron Masas of Imperva. In particular, the browser failed to adequately check to see if the symlink pointed to a place that was not intended to be accessible, which permitted the theft of sensitive files.
Versions 107 and 108, released in October and November 2022, contained remedies for the medium-severity flaw (CVE-2022-3656), which Google described as a case of inadequate data validation in the File System.
The flaw, known as SymStealer, is essentially a weakness known as symbolic link (also known as a symlink) following, which happens when an attacker takes advantage of the functionality to go beyond a program's file system limitations and access illegal data.
When a user directly drags and drops a folder onto a file input element, the browser resolves all the symlinks recursively without displaying any warnings, according to Imperva's investigation of Chrome's file handling system (and by extension Chromium).
A threat actor could deceive a victim into visiting a fake website and downloading a ZIP archive file that contains a symlink to a valuable file or folder on the computer, including wallet keys and login information.
The vulnerability could be used to access the actual file storing the key phrase by traversing the symbolic link when the same symlink file is transmitted back to the website as part of the infection chain, such as when a crypto wallet service requests users to upload their recovery keys.
To make it even more trustworthy, an Imperva proof-of-concept (PoC) modifies the size of the file input element using CSS sleight-of-hand so that the file upload is initiated regardless of where the folder is dropped on the page, essentially enabling information theft.
"Due to the potential value of these digital assets, hackers are increasingly focusing on individuals and businesses that own cryptocurrencies", according to Masas. "Hackers frequently utilize software flaws to access cryptocurrency wallets and steal the money they hold", according to the article.
Please do not enter any spam link in the comment box.