Friday, May 2, 2025

SymStealer Vulnerability Let Attacker Steal Login Credentials from Google Chrome


The SymStealer vulnerability (CVE-2022-3656), newly disclosed by the Imperva Red Team, affects over 2.5 billion users of Google Chrome and Chromium-based browsers. Reports say sensitive files, including cloud provider user credentials and crypto wallets, might have been stolen due to this flaw.

Chrome has a market share of 65.52%, making it the most popular browser. Chromium, the open-source variant of Chrome, is the foundation of two additional top-6 browsers, Edge and Opera, increasing Chromium’s market share to over 70%.

Details of SymStealer Vulnerability

Imperva researchers named the bug SymStealer. The problem arises when an attacker uses the file system to get around program restrictions and access unauthorized files.


Imperva’s analysis revealed that when a user drags and drops a folder directly onto a file input element, the browser recursively resolves all symlinks without displaying a warning.

“During our testing, we found that when you drop a file or folder onto a file input, it’s handled differently. Symbolic links are processed, recursively resolved, and there’s no extra warning or confirmation for the user,” says the Imperva Red Team.

A “symlink”, or symbolic link, is a type of file that points to another file or directory. This lets the operating system handle the linked file or directory as if it were actually located where the symlink is.

Symlinks can be used to create shortcuts, reroute file paths, and organize files more flexibly.

In the attack scenario, a website tricks the user into creating a new wallet by asking them to download their “recovery” keys.

In reality, these keys would be a zip file with a symlink to a sensitive file or folder on the user’s computer, like cloud provider credentials. 

The symlink would be activated and the attacker would have access to the sensitive file after the victim unzips and uploads the “recovery” keys back to the website. 

The website may be made to look authentic, and the process of obtaining and uploading the “recovery” keys could seem routine, so the user might not even be aware that anything is wrong.

To access their accounts, customers of many online services, including crypto wallets, must download “recovery” keys.

“The attacker would take advantage of this common practice by providing the user with a zip file containing a symlink instead of actual recovery keys. When the user unzips and uploads the file, the symlink would be processed, allowing the attacker to gain access to sensitive files on the user’s computer,” explain the researchers.

Imperva researchers used CSS to modify the size of the file input element so that the file uploads regardless of where the folder is dropped on the page.

Final Word

Hackers frequently utilize software flaws, like the one recently publicly disclosed, to get access to cryptocurrency wallets and steal the money they contain.

It’s crucial to keep your software updated and to avoid downloading files or clicking on links from untrusted sources if you want to secure your cryptocurrency assets.

A hardware wallet is another smart choice for storing your cryptocurrency because it is not connected to the internet, making it less susceptible to hacking attacks.

Researchers recommend using a password manager to create secure, unique passwords for your crypto accounts; turning on two-factor authentication is also essential.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
