A new high-severity vulnerability affecting Chromium-based browsers such as Google Chrome and Microsoft Edge has been discovered.
Named SymStealer and tracked as CVE-2022-3656, the vulnerability was first discovered by security researchers at Imperva. Chrome has over 2.5 billion users, and those who are not using the latest version could be at risk of a potential attack.
If exploited, an attacker could use this vulnerability to steal sensitive files containing banking and crypto wallet credentials from a user's computer and exfiltrate their account.
Chrome's popularity has many advantages, including compatibility and frequent security audits, but as the most widely used browser, with a 65.52% market share according to Imperva's blog post, it is also a very attractive target for hackers and other cybercriminals.
The vulnerability itself concerns symbolic links, a type of file that points to another file or directory. Symbolic links are often used to create shortcuts, redirect file paths, or organize files in a more flexible way. However, they can also introduce vulnerabilities.
Imperva researchers discovered an issue in Chrome where the browser does not properly check whether a symbolic link points to a location that should be inaccessible. This allows attackers to steal sensitive files from the victim's machine.
In one of the attack scenarios presented by the company, an attacker could create a fake website offering a new crypto wallet service. This website could trick the user into creating a new wallet by asking them to download a recovery key.
Even though the user thinks he or she is downloading a key, the file itself actually contains a symbolic link to a confidential file or folder on the computer. After the user unzips the file and re-uploads the recovery key to the fake website, the symbolic link is processed and the attacker is able to access the sensitive file.
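The missing check described above can be approximated on the user's side before anything from an unpacked download is uploaded. The following is an added example, not code from Imperva or Chromium: it lists symbolic links in a folder that resolve outside that folder. The function names, file names and sample folder layout are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(root):
    """Return sorted (link, resolved_target) pairs for symlinks under root
    whose target lies outside root. Directory links are not followed."""
    root = Path(root).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            entry = Path(dirpath) / name
            if not entry.is_symlink():
                continue
            # realpath follows the whole chain, so nested links are covered
            target = Path(os.path.realpath(entry))
            if target != root and root not in target.parents:
                findings.append((str(entry.relative_to(root)), str(target)))
    return sorted(findings)


def build_sample(base):
    """Constructed stand-in for an unpacked 'recovery key' archive."""
    base = Path(base)
    outside = base / "private"        # plays the role of a sensitive location
    extracted = base / "extracted"    # plays the role of the unzipped download
    outside.mkdir()
    extracted.mkdir()
    (outside / "wallet.dat").write_text("constructed secret\n")
    (extracted / "readme.txt").write_text("constructed\n")
    os.symlink("readme.txt", extracted / "alias.txt")            # stays inside
    os.symlink(outside / "wallet.dat", extracted / "recovery_key.txt")
    os.symlink(outside, extracted / "keys")                      # directory link
    return extracted, outside


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        extracted, _ = build_sample(tmp)
        for link, target in find_escaping_symlinks(extracted):
            print(f"{link} -> {target}: leaves the folder, do not upload")
```

A link that stays inside the folder (`alias.txt` in the sample) is not reported; only links whose resolved target leaves the folder are.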
Fortunately, Imperva researchers disclosed the vulnerability to Google, and the search giant deployed a fix in Chrome 107. However, this did not fully address the issue, and a permanent fix was included in the release of Chrome 108.
If you are using Chrome, Microsoft Edge, Brave, Vivaldi, Opera, or any other Chromium-based browser, you should immediately download and install the latest update to protect sensitive files on your computer from theft.
This security is not available on the Internet
While there have not yet been any instances of this security flaw being exploited, attackers could come up with exploits targeting users with vulnerable versions of Chrome or other Chromium browsers.
In addition to keeping your browser and other software up-to-date, you should also consider installing the best antivirus software to protect yourself from malware and other cyber threats.