Beware! 2.5 Billion Google Chrome Users are at Risk

Google Chrome is a web browser that is used by billions of people all over the world. Imperva Red, a cyber security company, found a security flaw in Google Chrome and Chromium-based browsers. This puts the data of more than 2.5 billion users at risk.

This flaw, which the company calls CVE-2022-3656, made it possible for sensitive files, like crypto wallets and cloud provider credentials, to be stolen.

Read More: Google Cloud AI Tools for Retailers

“The vulnerability was found through a review of how the browser interacts with the file system. Specifically, the review looked for common flaws in how browsers handle symlinks,” the blog says.

What is a Symlink?

A symbolic link, or symlink, is what Imperva Red calls a file that points to another file or directory. It tells the operating system that the linked file or directory should be treated as if it were at the location of the symlink. It says that a symlink can be used to make shortcuts, change the path to a file, or arrange files in a more flexible way.

But if these links are not handled properly, they can also be used to open security holes.

In the case of Google Chrome, the problem was caused by how the browser handled symlinks when it worked with files and directories. In particular, the browser didn’t check if the symlink pointing to a place that wasn’t meant to be accessible. This made it possible for sensitive files to be stolen, as explained in the blog post.

How Symlinks Affected Google Chrome?

The company says that an attacker could make a fake website that offers a new crypto wallet service. This is how the vulnerability affected Google Chrome. The website could then trick the user into making a new wallet by asking them to download their “recovery” keys.

Read Also: OpenAI Working on Paid Pro ChatGPT Version

These keys would actually be a zip file that contained a symlink to a private file or folder on the user’s computer, such as a cloud provider password. “When the user unzips and submits the “recovery” keys back to the website, the symlink is processed, and the attacker has access to the sensitive file,” the researchers write. blog says.

What should Chrome Users do?

Imperva Red says it told Google about the security hole, and the problem was fixed in Chrome 108. Users should always keep their software up to date to protect themselves from these kinds of weaknesses.


Get Ready for a Festive Season of Entertainment with Max’s December 2023 Schedule

You might be scrolling endlessly, searching for something new...

Goal-Scoring Giants: Top 10 Football Goalscorers of 2023 Revealed

Players from Manchester City, PSG, and Bayern Munich have...

Hulu December 2023 Schedule: Unwrap a World of Entertainment

Are you struggling to keep up with the ever-changing...

Who Is Mattea Roach’s Partner? Latest Updates on Her Personal Life and Career

Mattea Roach is a Canadian tutor, podcaster, and Jeopardy...

How to Craft the Perfect Playlist with Online Music Radios?

Tired of the same old playlists that loop the...