A critical security flaw in the browser Chrome allows hackers to access one billion computers
 |
| A critical security flaw in the browser Chrome |
The same vulnerability found in Chrome and other browsers based on the Chromium project has been revealed by researchers, affecting about 5 billion people worldwide who use Chrome and other browsers based on the Chromium project.
The researchers at Imperva said that this vulnerability is dangerous since it is able to steal sensitive information from users, including their cryptocurrency wallet contents, login credentials, and the contents of their online accounts.
Researchers found that Chrome and Chromium-based browsers (the open source web browser project) are affected by a flaw in the way that they interact with the symbolic links in file systems that are used in files.
In a study published in the journal Proceedings of the National Academy of Sciences, the researchers explain that a symlink is a file that points to another file within the operating system and enables the system to treat it as if it were actually a copy of the original file.
It was explained on the Imperva blog that these (symbolic links) can be used to create shortcuts, redirect files to other locations, or organize files more easily, according to the researchers.
If these files are not handled correctly, however, then they can turn into a vulnerability that hackers can exploit if they are not handled properly.
According to the researchers, a hacker could create a fake cryptocurrency wallet and website on which users would be able to download a replacement key if they would like to carry out an attack.
It is also possible that these files may contain symbolic links to sensitive files on the victim's computer, and because the browser does not handle these files properly, it may result in the theft of cryptocurrency wallets and credentials on the victim's PC as a result of this defect.
According to the researchers, the worst part of this is that the victim will be completely unaware that their sensitive data has been compromised, because many cryptocurrency wallets and other online services require users to download recovery keys to access their accounts, which is why many people are completely unaware they have been compromised.
A researcher at the University of California, Berkeley explained how an attacker would utilize this common practice by providing a zip file containing a symbolic link to a recovery key, rather than the actual recovery key to the user in the scenario described above.
It is being reported that the security vulnerability CVE-2022-3656 has been identified by Google as CVE-2022-3656, and that it has been addressed with Chrome version 108, so users are advised to update their Chrome browsers to the latest version and any browsers based on Chrome as soon as possible.
Before downloading any recovery keys, please make sure you are familiar with the Chromium project first.
FAQ
What is the critical security flaw that affects Chrome and other Chromium-based browsers?
The critical security flaw is a vulnerability in the V8 JavaScript engine that allows hackers to execute arbitrary code on a victim's machine.
What is a symlink, and how does it relate to the security flaw?
A symlink is a symbolic link, which is a pointer to another file or directory. The security flaw allows a hacker to create a malicious symlink that can be used to bypass security checks and gain access to sensitive information.
What types of sensitive information can be stolen by hackers using this vulnerability?
Hackers can potentially steal a wide range of sensitive information, including passwords, credit card details, personal and financial data, and cryptocurrency wallets and credentials.
How can a hacker exploit this vulnerability to steal cryptocurrency wallets and credentials?
A hacker can use the vulnerability to execute arbitrary code on a victim's machine, which can allow them to access the victim's cryptocurrency wallet and credentials.
What is the recommended action for users to protect themselves from this security flaw?
The recommended action for users is to update their browsers to the latest version, which includes a patch for the vulnerability. It is also recommended to avoid downloading and executing files from untrusted sources and to use a reputable antivirus software.