Users of Google Chrome and other Chromium-based browsers are at risk of having sensitive data, such as the contents of their cryptocurrency wallets and their login passwords, stolen by threat actors because of a critical flaw in the software.
Researchers at Imperva, a cybersecurity firm, discovered a weakness in the way Chrome and Chromium-based browsers (used by over 2.5 billion users) interact with the file system, specifically in how the browsers handle symlinks.
According to the study authors, "symlinks" are files that point to another location (such as a different directory). They let the operating system treat the file or directory a symlink points to as if it were really located at the symlink's own location. The researchers said on their blog that this "may be beneficial for building shortcuts, redirecting file routes, or arranging files in a more flexible fashion."
Possible attack scenarios
However, the researchers found that the browser didn't adequately verify whether a symlink pointed to a location that was meant to be inaccessible. If such a file isn't handled correctly, this is a security risk that opens the door to exploits.
The researchers described a possible attack scenario in which a threat actor creates a phoney bitcoin wallet and a website that prompts users to download their recovery keys. In reality, the downloaded file would be a symbolic link to a private location on the user's hard drive, for example a file holding a cloud provider's login credentials. Even worse, the victim would have no idea that any of their private information had been taken.
The researchers further argue that this tactic isn't far-fetched, since "many crypto wallets and other online businesses" require users to download recovery keys in order to access their accounts.
The attacker in the preceding scenario would take advantage of this widespread practice by giving the victim a zip file containing a symlink instead of genuine recovery keys.
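The scenario above turns on two checks a defender can make before any "recovery key" file is trusted: does the downloaded archive contain symlink entries rather than real data, and does a local file about to be read resolve to a symlink. The following Python is an added example written for this article; it is not code from the article or from Imperva. The zip archive it scans is constructed in memory purely to exercise the scanner, the target path inside it is a hypothetical placeholder, and the on-disk scenario is created in a temporary directory.

```python
"""Added example (not from the article or from Imperva): flag symlink entries
inside a zip archive before anything is extracted, and open a local file only
if it is a regular file rather than a symlink."""
import io
import os
import stat
import tempfile
import zipfile

# Hypothetical placeholder for the kind of location a malicious link might point at.
PLACEHOLDER_TARGET = "/home/victim/.config/cloud/credentials.json"


def build_sample_archive() -> bytes:
    """Constructed sample: a zip that claims to hold 'recovery keys' but whose
    entry is a Unix symlink (S_IFLNK in the high bits of external_attr), not data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "Your recovery keys are in recovery_keys.txt\n")
        link = zipfile.ZipInfo("recovery_keys.txt")
        link.create_system = 3  # 3 = Unix; mode bits live in external_attr >> 16
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, PLACEHOLDER_TARGET)  # a symlink entry's "data" is its target path
    return buf.getvalue()


def find_symlink_entries(archive_bytes: bytes) -> list:
    """Return (member name, link target) for every entry whose Unix mode says symlink."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16
            if stat.S_ISLNK(mode):
                target = zf.read(info).decode("utf-8", errors="replace")
                hits.append((info.filename, target))
    return hits


def is_safe_archive(archive_bytes: bytes) -> bool:
    """An archive that claims to carry key material should contain no symlinks at all."""
    return not find_symlink_entries(archive_bytes)


def read_regular_file_only(path: str) -> bytes:
    """Refuse symlinks: lstat rejects an existing link, O_NOFOLLOW closes the
    window between the check and the open on platforms that support it."""
    if stat.S_ISLNK(os.lstat(path).st_mode):
        raise PermissionError(f"refusing to follow symlink: {path}")
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "rb") as fh:
        return fh.read()


def demo_local_read() -> tuple:
    """Constructed on-disk scenario: a real key file next to a symlink pointing at it.
    Returns (regular file read ok, symlink refused)."""
    with tempfile.TemporaryDirectory() as tmp:
        real = os.path.join(tmp, "real_keys.txt")
        link = os.path.join(tmp, "recovery_keys.txt")
        with open(real, "wb") as fh:
            fh.write(b"sample key material")
        os.symlink(real, link)
        ok = read_regular_file_only(real) == b"sample key material"
        try:
            read_regular_file_only(link)
            refused = False
        except PermissionError:
            refused = True
    return ok, refused


if __name__ == "__main__":
    sample = build_sample_archive()
    print("symlink entries:", find_symlink_entries(sample))
    print("archive safe to extract?", is_safe_archive(sample))
    print("local read (regular ok, link refused):", demo_local_read())
```

Python's own `zipfile` never materialises symlink entries (it writes the target path as plain file contents), but other extraction tools do, so the scan belongs before extraction rather than after. The `lstat` plus `O_NOFOLLOW` pairing matters because a check followed by an ordinary `open()` can still follow a link created between the two calls.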
The security hole has been assigned a CVE identifier and is described as "Insufficient data validation in File System". The bug was fixed in Chrome 108, so make sure you are running at least that version before downloading any recovery keys.