A Vulnerability in Google Chrome puts data of more than 2.5 billion browser users worldwide at risk. According to cybersecurity company Imperva, the bug allowed the theft of confidential information, cloud provider credentials, and even cryptocurrencies.
In a report released last Wednesday (11), the company explained that the flaw stems from the way the search giant’s browser interacts with symbolic links when processing directories and files. These links help create shortcuts, redirect paths, and organize files.
However, the software did not properly check if the symlinks were pointing to an inaccessible location. facilitate stealing confidential files. In an eventual attack scenario, cybercriminals can trick a cryptographic wallet user, for example, into accessing a fake website and downloading a file containing a symbolic link to a folder on the device.
By running the file that appears to be the service’s recovery keys, the victim opens the doors to attackers, giving them access to the original file with their real credentials. The company did not make a statement about whether this vulnerability in Google Chrome was exploited.
Edge and others were also affected.
It is technically defined as: CVE-2022-3656The vulnerability in Chrome also affected other Chromium-based browsers. That is, users of Microsoft Edge, Mozilla Firefox and Opera, among other programs, were at the same risk of having confidential data accessed by intruders.
The bug, dubbed SymStealer by researchers, was reported to Google shortly after its discovery last year, which classified it as moderate. The good news is that the issue was quickly resolved with the Chrome 107 and Chrome 108 updates released in October and November respectively.
To avoid any risk, it is recommended to update Google Chrome immediately if you are using older versions. The cybersecurity firm states, “It’s important to always keep your software up-to-date to protect against the latest security vulnerabilities and ensure your personal and financial information stays safe.”
Source: Tec Mundo
