Categories: Google

Google Chrome Bug Lets Sites Write to Clipboard Without Asking

There was an unintended bug introduced in version 104 of Google Chrome. It has been found in the bug that there is no need for users to approve clipboard writing events when they visit websites that require this approval.

This security flaw has been identified on August 28 2022 by the security analyst, Jeff Johnson.

Google Chrome is not the only browser that provides this functionality. While Web pages can also be recorded to the system clipboard by Safari and Firefox, they are still protected by gestures in order to prevent the clipboard content from being copied.

A fix for this problem has yet to be released by the Chrome developers, but they have identified the problem. This issue has been noted in both mobile and desktop versions of the Google Chrome browsers.

Overwriting your system clipboard

It is an operating system’s default function to store temporary data in the system clipboard. Copy-pasting is often used to paste data into a document and sensitive information may be involved in some cases like:-

  • Banking account numbers
  • Cryptocurrency wallet strings
  • Passwords
  • Debit card numbers
  • Credit card numbers

It is possible for users to become victims of malicious activities if this temporary storage space is overwritten with arbitrary content using the overwrite functionality.

Using specially crafted web pages, threat actors could simulate a legitimate cryptocurrency service in an attempt to lure users to their websites. 

There is the possibility that the website could write to the clipboard the address of the threat actor when the user tries to make a payment by copying their wallet address to the clipboard.

The user may be presented with additional content when selecting text to copy from a web page on some websites. There is no way for the user to see or control what content is being copied when the clipboard fills up with arbitrary data.

Know impacted or not?

Using “webplatform(.)news”, you can determine whether or not this issue is affecting your web browser, so check that out. You can then copy the contents of your clipboard into a text editor and paste them there.

The issue does not affect all Chromium-based browsers, but it is affecting some of them. This “StopTheMadness” extension can be used by users who are extremely concerned about this problem.

Secure Azure AD Conditional Access – Download Free White Paper

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…

5 hours ago

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…

6 hours ago

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…

6 hours ago

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…

6 hours ago

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year, which…

6 hours ago

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…

6 hours ago