11/12/2023 0 Comments Google chrome hack news 2022![]() When the user unzips and uploads the file, the symlink would be processed, allowing the attacker to gain access to sensitive files on the user’s computer. In the attack scenario described above, the attacker would take advantage of this common practice by providing the user with a zip file containing a symlink instead of actual recovery keys. It is common for users to download these keys and then upload them back to the website in order to verify their ownership of the account. These keys serve as a backup in case the user loses access to their account for any reason, such as forgetting their password. Many crypto wallets and other online services require users to download “recovery” keys in order to access their accounts. This scenario demonstrates the potential impact of the symbolic link following vulnerability on Chrome and Chromium-based browsers. The user may not even realize that anything is amiss, as the website could be designed to look legitimate and the process of downloading and uploading the “recovery” keys could appear normal. When the user unzips and uploads the “recovery” keys back to the website, the symlink would be processed and the attacker would gain access to the sensitive file. These keys would actually be a zip file containing a symlink to a sensitive file or folder on the user’s computer, such as a cloud provider credential. The website could trick the user into creating a new wallet by requesting that they download their “recovery” keys. Attack scenarioĪn attacker could create a fake website that offers a new crypto wallet service. ![]() Symbolic links are processed, recursively resolved, and there’s no extra warning or confirmation for the user. However, during our testing, we found that when you drop a file or folder onto a file input, it’s handled differently. They even have extra safety measures, like asking for extra confirmation from the user if they try to upload lots of files at once. When we checked out the APIs that developers often use for file uploads, like the Drop Event, File Input, or File System Access API, we noticed that they usually don’t deal with symbolic links. We looked into how Chrome and other Chromium-based browsers handle file systems. This issue is commonly known as symbolic link following. Specifically, the browser did not properly check if the symlink was pointing to a location that was not intended to be accessible, which allowed for the theft of sensitive files. In the case of the vulnerability we disclosed to Google, the issue arose from the way the browser interacted with symlinks when processing files and directories. However, symlinks can also introduce vulnerabilities if they are not handled properly. This can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way. ![]() It allows the operating system to treat the linked file or directory as if it were at the symlink’s location. What’s a symlink?Ī symlink, also known as a symbolic link, is a type of file that points to another file or directory. In this case, the vulnerability was discovered through a review of the ways the browser interacts with the file system, specifically looking for common vulnerabilities related to the way browsers process symlinks. However, it also increases the likelihood of cross-browser vulnerabilities. The popularity of Chromium has many benefits, such as compatibility and security audits. Two other top 6 browsers, Opera and Edge, are based on Chromium, the open-source version of Chrome, bringing Chromium’s market share to over 70%. Chrome is the most widely used browser, with a 65.52% market share.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |