A high-severity vulnerability has affected as many as 2 billion Google Chrome users. You must protect yourself from hackers and the sooner you do it, the better.
Google Chrome has been hit by a new security flaw and it has affected more than 2 billion users! Cyber security firm Imperva Red has disclosed a high-severity vulnerability, tracked as CVE-2022-3656, which has been affecting Google Chrome and other Chromium-based browsers. The security flaw allows the theft of sensitive files such as cryptocurrency wallets and login credentials. The cyber security company says that in this case, “the vulnerability was discovered through a review of the ways the browser interacts with the file system, specifically looking for common vulnerabilities related to the way browsers process symlinks.”
For those who are unaware, symlinks, or symbolic links, are files that point to another file. “This can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way,” the blog mentioned. The Imperva team explained that symlinks can also introduce vulnerabilities, and that is how this flaw affected Chrome browsers.
How Chrome users are at risk
While explaining a potential attack scenario, the cyber security research team said that a threat actor can create a fake cryptocurrency wallet, and its website can ask users to download their recovery keys. The downloaded file will actually be a symlink to a file or folder on your computer, for example the login credentials for a cloud provider. The saddest part is that users will not be aware of the leak of sensitive data.
“In the attack scenario described above, the attacker would take advantage of this common practice by providing the user with a zip file containing a symlink instead of actual recovery keys. When the user unzips and uploads the file, the symlink would be processed, allowing the attacker to gain access to sensitive files on the user’s computer,” the blog mentioned.
What should Chrome users do
Thankfully, there is a way that Chrome users can protect themselves from this Chrome vulnerability! The research team mentioned that the first bug fix, which was rolled out in Chrome 107, hadn’t addressed the issue completely. However, the issue has been fully resolved in Chrome 108. Hence, it is advised to keep your software up to date in order to protect yourself against the latest vulnerabilities.