The current, live version of Google Chrome, version 104, saw the introduction of a bug that could potentially compromise your sensitive data.
Normally, the clipboard write event must be approved by a user, but the bug, found by security expert Jeff Johnson (opens in a new tab), removed that requirement.
Many of us use our clipboard dozens or hundreds of times a day to copy and paste information from one place to another, and some of this information may contain sensitive information such as phone numbers, addresses, passwords and login information, and even Payment information.
chrome clipboard error
Johnson is concerned that scams based on this flaw could be used to trick users into copying their wallet address to the system clipboard on fake cryptocurrency sites, potentially putting an entire digital wallet at risk. .
Note that Google's web browser is not the only one using such a system; the same source says that Safari and Firefox "also allow web pages to write to the system clipboard," but have gesture-based protections to provide an element of security.
Johnson summarizes the lack of adequate safeguards against system clipboard protection in all applicable web browsers.
The most commonly used user gesture is Ctrl + C (or Cmd + C for Mac users), but I found that pressing the down arrow key to scroll through a website is enough to allow users' sites to access the clipboard of the computer.
Practically, there are sites to check if you are worried. One such site is webplatform.news (opens in a new tab), which when visited can be added to your clipboard. All you have to do is visit the site and paste whatever is on your clipboard into a blank space as a new Word document. If you see the following, the browser you are using compromises your security:
"Hello, this message is on your clipboard because you visited the Platform News website in a browser that allows websites to write to the clipboard without user permission. Sorry for the inconvenience. For more information on this issue, see https ://github.com/w3c/clipboard-apis/issues/182.
Google's Chrome developer team is aware of the issue, but no fix has been found yet.
Via Bleeping Computer (Opens in a new tab)