Jump to content
  • Vulnerability puts data of 2.5 billion Chrome users at risk

    MagicSahar

    • 376 views
    • 2 minutes
     Share


    • 376 views
    • 2 minutes

    Data of about 2.5 billion users have been put to risk because of a vulnerability in Google Chrome and chromium browsers. A security firm named Imperva Red has issued a warning that the flaw that has been technically dubbed as ‘CVE-2022-365’ allows hackers to steal information such as cloud based credentials and sensitive files from e-wallets.

     

    Imperva Red issued a blog update on this note and essayed that hackers could induce a ‘Symlink-Symbolic Link’ into the directory that allows the OS to treat it as a file linked to a location in directory, which is not in reality.

     

    Symlinks can lead to flaws when mis-handled and can allow the threat actors siphon data from browsers, an act not intended in actual.

     

    With Chrome, the susceptibility arises when the browser interacts with the symlink to process files and directories without checking for the authenticity of the location of the Symbolic link in a file or directory.

    How does this affect the users of Chrome, then?

    Researchers state the hacker can create a fake website that is into the business of crypto wallet and urge users to creating a new wallet via download of recovery keys. These keys can contain zip files loaded with Symlinks connected to sensitive files or folders from the computer. This, when a user unzips the file, the upload of keys back to the website can allow a threat actor to gain access to sensitive files, leading to privacy concerns.

    Google Chrome response

    In response to the alert provided by Imperva Red, the web service provider issued an update that the flaw was addressed in the latest release of Chrome 108 and is thus urging its users to keep their software updated with security covers to all discovered vulnerabilities, such as those arising from Soft links( symlinks).

     

    Source https://www.cybersecurity-insiders.com/vulnerability-puts-data-of-2-5-billion-chrome-users-at-risk/


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...