The Cyber Security News

Google Chrome ‘SymStealer’ Vulnerability Could Affect 2.5 Billion Users

January 12, 2023

The Chromium vulnerability (tracked as CVE-2022-3656) found by Imperva security researchers in July 2022 and patched in September could still affect 2.5 billion users if they do not update their browsers.

The warning comes from Imperva security researcher Ron Masas, who published a blog post about the flaw (commonly known as “SymStealer”) on Wednesday.

In particular, the vulnerability allows for the theft of sensitive information, such as crypto wallets and cloud service provider credentials, by exploiting how browsers process symbolic links (symlinks).

“[Symlinks] can be beneficial for building shortcuts, redirecting file paths, or arranging information in a much more adaptable way,” Masas wrote.

“Nevertheless, [they] can also introduce vulnerabilities if they are not managed effectively. In the circumstance of the vulnerability we disclosed to Google, the issue arose from the way the browser interacted with symlinks when processing files and directories.”

In other words, because of the flaw, the browser did not properly check whether a symlink pointed to a location that was not intended to be accessible, which, in turn, enabled the theft of sensitive information.
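
The check this paragraph describes as missing, sketched as an added example (not Chromium's code and not Imperva's proof-of-concept): a handler that receives a user-supplied directory walks it without following symlinks and rejects any link whose resolved target falls outside that directory. The names `audit_tree` and `demo` and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def audit_tree(root):
    """Walk root without following symlinks; return (accepted, rejected).

    rejected holds (relative path, reason) for links that escape or dangle.
    """
    root = Path(root).resolve(strict=True)
    accepted, rejected = [], []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Symlinked directories show up in dirnames but are not descended into.
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if not path.is_symlink():
                if path.is_file():
                    accepted.append(rel)
                continue
            try:
                target = path.resolve(strict=True)
            except (OSError, RuntimeError):  # dangling link or symlink loop
                rejected.append((rel, "unresolvable symlink"))
                continue
            if root in target.parents:       # resolved target stays inside root
                accepted.append(rel)
            else:
                rejected.append((rel, "symlink escapes root"))
    return sorted(accepted), sorted(rejected)

def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        upload, outside = base / "upload", base / "outside"
        (upload / "docs").mkdir(parents=True)
        outside.mkdir()
        (outside / "wallet.key").write_text("constructed secret")
        (upload / "docs" / "readme.txt").write_text("hello")
        (upload / "alias.txt").symlink_to(upload / "docs" / "readme.txt")
        (upload / "keys").symlink_to(outside)             # directory link out
        (upload / "docs" / "w.key").symlink_to(outside / "wallet.key")
        (upload / "gone").symlink_to(base / "missing")    # dangling link
        return audit_tree(upload)

if __name__ == "__main__":
    print(demo())
```

The result is only valid at the moment of the check: code that later reads an accepted path should open it with `os.O_NOFOLLOW` or re-verify the opened descriptor, since a link can be swapped in between the audit and the read.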

“This issue is generally recognized as symbolic link following,” explained Masas, who added that the bug could be used by an attacker, for instance, to create a fake website that offers a new crypto wallet service.

After discovering the vulnerability, Imperva created a proof-of-concept on the Chromium bug tracker, showing how a related attack could take place in the wild.

“After disclosing the vulnerability to Google, the Imperva staff identified that the initial fix, launched in Chrome 107, did not totally address the issue,” Masas revealed.

“The staff notified Google of this, and the issue was totally solved in Chrome 108. It is important to always keep your software up to date in order to protect against the latest vulnerabilities and make sure that your personal and financial information stays safe.”

SymStealer is only the latest Chrome vulnerability discovered in recent months. In September 2022, developer Jeff Johnson found a flaw that would allow web pages to overwrite the content of the system clipboard without the user’s consent or interaction.

More recently, Google patched a zero-day vulnerability (tracked as CVE-2022-4135) that could potentially enable attackers to corrupt data and remotely execute code on a victim’s machine.


Some components of this post are sourced from:
www.infosecurity-journal.com
