
Fixed in version 108: security company discloses high-risk vulnerability in Google's Chrome browser that can steal sensitive information from users

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)11/24 Report--

CTOnews.com, January 15 (Xinhua) -- Internet security company Imperva Red recently disclosed details of a vulnerability in Chrome / Chromium browsers and warned that the data of more than 2.5 billion users around the world is under security threat.

The company said the vulnerability, tracked as CVE-2022-3656, could be used to steal sensitive data, including crypto wallets and cloud provider credentials. CTOnews.com learned that, according to its blog post, "the vulnerability was discovered by reviewing the way browsers interact with the file system, especially common vulnerabilities related to the way browsers handle symbolic links."

Imperva Red defines a symbolic link (symlink) as a file type that points to another file or directory. It allows the operating system to treat the linked file or directory as if it were located at the symbolic link's own location. Imperva Red notes that symbolic links can be used to create shortcuts, redirect file paths, or organize files in a more flexible way.

In the case of Google Chrome, the problem stems from the way the browser interacts with symbolic links when dealing with files and directories. Specifically, the browser does not correctly check whether a symbolic link points to a location that is not intended to be accessed, which allows sensitive files to be stolen.

Explaining how the vulnerability affected Google's browser, the company said attackers could create a fake website that offers a new crypto wallet service. The site can then trick users into creating a new wallet by asking them to download the recovery key.

"These keys are actually a zip file containing symbolic links to sensitive files or folders on the user's computer, such as cloud provider credentials," the blog wrote. When the user unzips and uploads the 'recovery' key back to the website, the attacker will gain access to the sensitive file.

Imperva Red said it had notified Google of the vulnerability and that the issue had been completely resolved in Chrome 108. It is recommended that users always keep their software up-to-date to prevent such vulnerabilities.
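A defender-side check for the archive trick described above, as an added example that is not from Imperva Red or the original article: it lists the symbolic-link entries in a zip and flags those whose target is absolute or resolves outside the archive root. The function names, the sample archive and its placeholder paths are constructed for illustration, and it assumes a Unix-created zip, where the file mode is stored in the upper 16 bits of each entry's external attributes.

```python
import io
import posixpath
import stat
import zipfile


def find_symlink_entries(zip_bytes):
    """Return (name, target, escapes) for every symlink entry in a zip archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Unix-created zips keep the file mode in the high 16 bits of external_attr.
            mode = info.external_attr >> 16
            if not stat.S_ISLNK(mode):
                continue
            # For a symlink entry, the stored "file content" is the link target path.
            target = zf.read(info).decode("utf-8", "replace")
            base = posixpath.dirname(info.filename)
            resolved = posixpath.normpath(posixpath.join(base, target))
            escapes = (posixpath.isabs(target) or resolved == ".."
                       or resolved.startswith("../"))
            findings.append((info.filename, target, escapes))
    return findings


def build_sample_zip():
    """Constructed sample: one regular file, one link inside the archive, one escaping it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wallet/readme.txt", "constructed sample file")
        for name, target in [("wallet/notes", "readme.txt"),
                             ("wallet/recovery.key", "../../outside/placeholder.txt")]:
            info = zipfile.ZipInfo(name)
            info.create_system = 3  # Unix, so external_attr is interpreted as a mode
            info.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(info, target)
    return buf.getvalue()


if __name__ == "__main__":
    for name, target, escapes in find_symlink_entries(build_sample_zip()):
        print(f"{name} -> {target}  {'OUTSIDE ARCHIVE' if escapes else 'inside'}")
```

Running the same check on a downloaded archive before extracting it shows whether any entry would resolve to a path outside the extraction folder.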
