[ad_1]
In browser version 104 Google Chrome present a bug that allows websites you visit to write to the clipboard without asking the user for approval. The problem also extends to many Chromium-based browsers.
The system clipboard is a temporary storage location that operating systems use to copy “passing” data and is typically used for copy-paste operations. For this reason oftensensitive data passes through the clipboardi such as bank account numbers, cryptocurrency wallet addresses, credit card numbers and even passwords.
The ability to access this portion of space can allow
a attacker to implement certain techniques to target users. For example, it would be possible, on this basis, to create a website that acts as a legitimate cryptocurrency service capable of modifying in the clipboard any address copied by a user trying to make a transaction.
It is worth noting that all browserseven those based on other navigation engines, they often use a rather bland authorization system based on user gestures or interactions, without explicit consent being requested: after all, how many times have we received a clear request for consent to copy the content of a web page to the clipboard?
In some cases, like on Safari and Firefox, for example, pressing a key or moving the mouse wheel is sufficient for the browser to believe that the user’s permission has been granted. Considering how common these actions are, these are mechanisms that probably require correction. The partial good news is that these flaws or weaknesses cannot be abused to read the contents of the notes, which would put the matter on an entirely different level of risk.
Do you want to know if the browser you usually use suffers from this problem? Just go to the site https://webplatform.news, perform simple interactions with the site (scroll the page, press a few keys) then open the notepad and copy the contents of the clipboard. Our browser will be affected by the problem if the following message is copied:
Hello, this message is in your clipboard because you visited the website Web Platform News in a browser that allows websites to write to the clipboard without the users permission. Sorry for the inconvenience. For more information about this issue, see
https://github.com/w3c/clipboard-apis/issues/182.
Researcher investigating this problem, Jeff Johnson, has developed the “StopTheMadness” extension to mitigate the problem, although he indicates that the extension cannot provide complete protection against occurrence of the phenomenon in all situations. .
.
[ad_2]
Source link
