Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content
A "major" security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow a malicious web page to automatically overwrite clipboard content as soon as a user visits it, without requiring any user consent or interaction.
The bug behind the clipboard poisoning attack is said to have been accidentally introduced in Chrome version 104, according to developer Jeff Johnson.
While the problem exists in Apple Safari and Mozilla Firefox as well, what makes the issue severe in Chrome is that the requirement for a user gesture to copy content to the clipboard is currently broken.
Threat actors could overwrite the clipboard with a link to specially crafted websites, leading victims to download dangerous software.
"While you're navigating a web page, the page can without your knowledge erase the current contents of your system clipboard, which may have been valuable to you, and replace them with anything the page wants, which could be dangerous to you the next time you paste," Johnson explained.
In the interim, users are advised to refrain from opening web pages between any cut/copy and paste actions and verify their clipboard before carrying out sensitive operations on the web, such as financial transactions.
News URL
https://thehackernews.com/2022/09/google-chrome-bug-lets-sites-silently.html