February 8, 2023
Information security researchers have discovered a dangerous vulnerability in Chrome and other browsers based on the Chromium project, affecting about 2.5 billion users worldwide. Imperva researchers said the severity of the vulnerability lies in the fact that it allows hackers to steal files. , including: contents of cryptocurrency wallets and login credentials.

The way Chrome and browsers based on the Chromium open source web browser project interact with so-called symbolic links in file systems has a flaw, the researchers say.

The researchers explain that symbolic links (Symlinks) are files that link to another file or directory in operating systems, and they allow the system to treat the file or directory associated with the original files as if they were in the same location.

“These (symbolic links) can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way,” the researchers explained in their Imperva blog. But if these files are not handled properly, they can turn into a vulnerability for hackers.

Describing a possible attack scenario, the researchers stated that a hacker could create a fake cryptocurrency wallet and a website that asks users to download his recovery keys.

In the event that the victim downloads these files, they may be symbolic links to a confidential file or folder on the user’s computer, and due to a flaw in the browser’s handling of these files, this may lead to the theft of cryptocurrency wallets and credentials. on the device.

Worst of all, according to the researchers, is that the victim will be completely oblivious to the fact that their confidential data has been compromised, especially since many cryptocurrency wallets and other online services require users to upload recovery keys to access their accounts. records.

https://colab.research.google.com/drive/165DsONBIDoh_v6Zxbg8caIESi-Hiza5q
https://colab.research.google.com/drive/1y8C26XAQAeH5V2or_Bzt2ysnvo_Qvgl7
https://colab.research.google.com/drive/1QtwYs4kosVX6_z_dB-yXu70Fx9cOfGVR
https://colab.research.google.com/drive/1DQsCGGbnRqTBcFBEBTmneTgCevN4bBDs
https://colab.research.google.com/drive/1SEc1gmmkPKwzbXPMggxLNq0eWFLg7JlI
https://colab.research.google.com/drive/19QsmuQX3tE_rqHzGGZF5lJcvm_1p91pd
https://colab.research.google.com/drive/1YVg3RfN_DqMZxLsNZsUFON9XhEJvOLv_
https://colab.research.google.com/drive/17i9GAYbJgpxwj8G08Z-TX6Q1i3kPvW-I
https://colab.research.google.com/drive/1Zjv9D3ctOe1nkMNj8BcvcUVEf2TJSMrq
https://colab.research.google.com/drive/11oGu9LUVvVDnvfwvF2nJR4RZhlytlXoN
https://colab.research.google.com/drive/1VXcIDip0mUH-pTFy3dbesIv2Op3AEUY1
https://colab.research.google.com/drive/1pUVvxmb60urKeEh5IN8COXd2y61XTr6N
https://colab.research.google.com/drive/151pTg-5QkJou7vYjyF2cS-WdNxMPOdmL
https://colab.research.google.com/drive/1SzBY2w96LRhR8wyGBvBNdUO_WbunoYPv
https://colab.research.google.com/drive/1hTF9rXnA0zbUBD21aayu8K6YJE8_18vD
https://colab.research.google.com/drive/1ymJiR6AvjdJ6ggbAD6V375a5SjiKH-OI
https://colab.research.google.com/drive/1zzTleWjNo5iPKcO7UJCu32QDP6_UySs8
https://colab.research.google.com/drive/1gKvlaxBi7tB0i00U_sa3wDs9NVzjt8TF
https://colab.research.google.com/drive/14EzYtZC5AjthRDqQ8U0cPixPv0hAvX73
https://colab.research.google.com/drive/10wlBZlP9Z5qKWiGBmed10Fv0syFHLtCq
https://colab.research.google.com/drive/1qaGiW9g3nGzXmoYJZlbBcmESqQ2wqwWS
https://colab.research.google.com/drive/15nnAod_zTfy8jAMh5Gr9kNFSKS2RtsXc
https://colab.research.google.com/drive/1F45CPJvkwTYxM5ls6EGvyO8T3Wce0dDi
https://colab.research.google.com/drive/1f0gvGu-hWUq2lKBpy9boHBhr0iG_u_EJ
https://colab.research.google.com/drive/1IlxZLkrImDpjn3WIpP1LK7uKoTmjiEGm
https://colab.research.google.com/drive/1Ro4T2gC4iGNJMLTbNXTX3uvaH44GAjbo

Leave a Reply

Your email address will not be published.