Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential information.
“The problem arose from the way in which the browser interacted with symlinks when processing files and directories,” Imperva researcher Ron Masas said. “Specifically, the browser didn’t correctly check if the symlink was pointing to a location that was not meant to be accessible, which allowed for the theft of sensitive files.”
Google characterized the medium-severity issue (CVE-2022-3656) as a case of insufficient data validation in File System, releasing fixes for it in versions 107 and 108, released in October and November 2022.
Dubbed SymStealer, the vulnerability, at its core, relates to a type of weakness known as symbolic link (aka symlink) following, which occurs when an attacker abuses the feature to bypass the file system restrictions of a program and operate on unauthorized files.
Imperva’s analysis of Chrome’s file handling mechanism (and by extension Chromium’s) found that when a user directly dragged and dropped a folder onto a file input element, the browser resolved all of the symlinks recursively without presenting any warning.
In a hypothetical attack, a threat actor could trick a victim into visiting a bogus website and downloading a ZIP archive file containing a symlink to a valuable file or folder on the computer, such as wallet keys and credentials.
When the same symlink file is uploaded back to the website as part of the infection chain (e.g., a crypto wallet service that prompts users to upload their recovery keys), the vulnerability could be exploited to access the actual file storing the key phrase by traversing the symbolic link.
To make it even more reliable, a proof-of-concept (PoC) devised by Imperva employs CSS trickery to alter the size of the file input element such that the file upload is triggered regardless of where the folder is dropped on the page, effectively allowing for information theft.
“Hackers are increasingly targeting individuals and organizations holding cryptocurrencies, as these digital assets can be highly valuable,” Masas said. “One common tactic used by hackers is to exploit vulnerabilities in software […] in order to gain access to crypto wallets and steal the funds they contain.”