A new Google Chrome bug allows hackers to rewrite the system’s clipboard content without the user’s knowledge or interaction. The vulnerability lets malicious websites overwrite the clipboard content, making the whole process automatic.
Developer Jeff Johnson claimed that the clipboard vulnerability was unintentionally added to Chrome version 104 and was found to be more complex in Google Chrome than in other browsers. However, it was revealed that the vulnerability could also affect Apple Safari and Mozilla Firefox.
Google Chrome vulnerability
According to the report, the Chrome vulnerability allows websites to overwrite a user’s system clipboard. The overwrite can accompany simple actions such as clicking on links or using the arrow keys to navigate the website.
In a hypothetical situation, the attackers could entice a victim to navigate to malicious websites and pages where the user could be tricked into providing information via the clipboard. This includes the replacement of cryptocurrency wallet addresses as well as bank details of the target. Since the clipboard data could be substituted, the vulnerability can have security ramifications.
Moreover, a mere link to a specific website could also be added to the clipboard by the threat actors, inadvertently forcing victims to download and install malicious software programs. According to the developer, when users visit a page on the internet, the vulnerability would allow the hacker to change the website’s contents with the information on the user’s device clipboard.
How does the vulnerability work?
Given the severity of the issue and the probability of misuse by malicious actors, the Google Chrome vulnerability can be dangerous: when the user copies and pastes something, the vulnerability will replicate the clipboard’s content without the user’s knowledge, exposing their information to the website owners.
The new security patch will be made available soon and can be downloaded by all Google Chrome users. Until the vulnerability is fixed, users have been urged to confirm their clipboard contents before performing critical actions on the web, such as financial transactions, and to avoid opening websites by copying, pasting, and cutting.
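The advice to confirm clipboard contents before a critical action can also be enforced by the site that receives the paste. The JavaScript below is an added example, not code from the report or from Chrome; the function names, the saved-payee list and the addresses are constructed, and the edge-comparison heuristic is an assumption about how users visually check an address.

```javascript
// Added example: review a pasted payment destination before accepting it.
// All names and addresses below are constructed for illustration.
const EDGE = 4; // assumption: users eyeball only the first and last few characters

const SAMPLE_PAYEES = { landlord: "ex1qa7constructedsample0000000000k9m2" };

// Remove whitespace and zero-width characters that clipboard text can carry.
function normalize(value) {
  return String(value).replace(/[\s\u200B-\u200D\uFEFF]/g, "");
}

// Classify pasted text as "match", "lookalike" or "unknown" against saved payees.
function reviewPastedDestination(pasted, savedPayees) {
  const value = normalize(pasted);
  const review = {
    value,
    wasAltered: value !== String(pasted).trim(),
    verdict: "unknown",
    payee: null,
  };
  for (const [name, address] of Object.entries(savedPayees)) {
    const saved = normalize(address);
    if (value === saved) return { ...review, verdict: "match", payee: name };
    // Same visible edges but a different body: the value the user thinks they
    // copied is probably not the value that arrived.
    const sameEdges = value.length >= 2 * EDGE &&
      value.slice(0, EDGE) === saved.slice(0, EDGE) &&
      value.slice(-EDGE) === saved.slice(-EDGE);
    if (sameEdges) Object.assign(review, { verdict: "lookalike", payee: name });
  }
  return review;
}

// Gate the critical action: exact matches pass, lookalikes never pass, and an
// unknown destination passes only if the user retypes its last characters
// while reading them from the original source, not from the pasted field.
function mayProceed(review, typedTail = "") {
  if (review.verdict === "match") return true;
  if (review.verdict === "lookalike") return false;
  return review.value.length >= 2 * EDGE &&
    normalize(typedTail) === review.value.slice(-EDGE);
}

// Browser wiring (not executed here):
// input.addEventListener("paste", (e) => {
//   const review = reviewPastedDestination(
//     e.clipboardData.getData("text/plain"), SAMPLE_PAYEES);
//   if (!mayProceed(review)) e.preventDefault(); // then ask for confirmation
// });
```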
A new version of Chrome (105.0.5195.52/53/54) for Windows, macOS, and Linux was released by Google, and it contains patches for 24 issues, 10 of which are use-after-free flaws in Network Service, WebSQL, PhoneHub, and other services.