Google Chrome has been hit by a new security flaw and it has affected more than 2 billion users! Cyber security firm, Imperva Red has disclosed a high-severity vulnerability, dubbed CVE-2022-3656, which has been affecting Google Chrome and other Chromium-based browsers. The security flaw allows the theft of sensitive files such as cryptocurrency wallets, and login credentials. The cyber security company says that in this case, "the vulnerability was discovered through a review of the ways the browser interacts with the file system, specifically looking for common vulnerabilities related to the way browsers process symlinks."
For those who are unaware, Symlinks or symbiotic links are files that point to another file. “This can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way,” the blog mentioned. The Imperva team explained that this way symlinks can also introduce vulnerabilities. That’s how this vulnerability affected Chrome browsers.
While explaining a potential attack scenario, the cyber security research team said that the threat can create a fake cryptocurrency wallet and the website can request the users to download their recovery keys. This downloaded file will be a symlink to a folder on your computer. This file can be login credentials for a cloud provider. The saddest part is that users will not be aware of the leak of sensitive data.
“In the attack scenario described above, the attacker would take advantage of this common practice by providing the user with a zip file containing a symlink instead of actual recovery keys. When the user unzips and uploads the file, the symlink would be processed, allowing the attacker to gain access to sensitive files on the user’s computer,” the blog mentioned.
Thankfully, there is a way that Chrome users can protect themselves from Chrome vulnerability! The research team mentioned that the first bug fix which was rolled out in Chrome 107 hadn’t addressed the issue completely. However, the issue has been fully resolved in Chrome 108. Hence, it is advised to keep your software up to date in order to protect yourself against the latest vulnerabilities
Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.