Categories: Google

Google Chrome Bug Lets Sites Write to Clipboard Without Asking

There was an unintended bug introduced in version 104 of Google Chrome. It has been found in the bug that there is no need for users to approve clipboard writing events when they visit websites that require this approval.

This security flaw has been identified on August 28 2022 by the security analyst, Jeff Johnson.

Google Chrome is not the only browser that provides this functionality. While Web pages can also be recorded to the system clipboard by Safari and Firefox, they are still protected by gestures in order to prevent the clipboard content from being copied.

A fix for this problem has yet to be released by the Chrome developers, but they have identified the problem. This issue has been noted in both mobile and desktop versions of the Google Chrome browsers.

Overwriting your system clipboard

It is an operating system’s default function to store temporary data in the system clipboard. Copy-pasting is often used to paste data into a document and sensitive information may be involved in some cases like:-

  • Banking account numbers
  • Cryptocurrency wallet strings
  • Passwords
  • Debit card numbers
  • Credit card numbers

It is possible for users to become victims of malicious activities if this temporary storage space is overwritten with arbitrary content using the overwrite functionality.

Using specially crafted web pages, threat actors could simulate a legitimate cryptocurrency service in an attempt to lure users to their websites. 

There is the possibility that the website could write to the clipboard the address of the threat actor when the user tries to make a payment by copying their wallet address to the clipboard.

The user may be presented with additional content when selecting text to copy from a web page on some websites. There is no way for the user to see or control what content is being copied when the clipboard fills up with arbitrary data.

Know impacted or not?

Using “webplatform(.)news”, you can determine whether or not this issue is affecting your web browser, so check that out. You can then copy the contents of your clipboard into a text editor and paste them there.

The issue does not affect all Chromium-based browsers, but it is affecting some of them. This “StopTheMadness” extension can be used by users who are extremely concerned about this problem.

Secure Azure AD Conditional Access – Download Free White Paper

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

8 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

8 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

11 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

14 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

15 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

15 hours ago