This Google Chrome security flaw could affect billions of users


Google Chrome and other Chromium-based browsers were found to have a high-severity vulnerability that allowed threat actors to steal users' private files, including the contents of their wallets, cryptocurrencies and login credentials.

Imperva's security researchers have discovered that the way Chrome and Chromium-based browsers (used by some XNUMX billion people) interact with the file system is flawed, specifically in how the browser handles symbolic links.

Symbolic links, or symlinks, are files that point to another file or directory, the researchers explain. They let the operating system treat the linked file or directory as if it were located at the symbolic link's own path. "This can be useful for creating shortcuts, redirecting file paths, or organizing files more flexibly," the researchers explained in a blog post.

Possible attack scenarios

But if these files are not handled properly, they can introduce vulnerabilities, and the researchers found that the browser did not properly check whether a symbolic link pointed to a location that was intended to be inaccessible.

Describing a possible attack scenario, the researchers said that a threat actor could create a fake cryptocurrency wallet and a site that asks users to upload their restore keys. The uploaded file would actually be a symbolic link to a sensitive file or folder on the user's computer, for example the login credentials of a cloud provider. Because the browser followed the link and uploaded its target, the victim would be completely unaware that their private data had been compromised.

Furthermore, the approach wouldn't be far-fetched either, the researchers say, noting that "many crypto wallets and other online services" require users to download restore keys to access their accounts.

"In the attack scenario described previously, the attacker would exploit this common practice by giving the user a zip file containing a symbolic link instead of the actual restore keys."

The vulnerability is now tracked as CVE-XNUMX-XNUMX, an insufficient data validation flaw in the browser's file system handling. Google has since fixed the issue and shipped the fix in Chrome XNUMX, so make sure you are running at least that version of the browser before downloading any restore keys.
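The two failure points described above (a file-upload path that silently follows a symbolic link to a sensitive file, and a zip archive whose "restore key" entry is really a symlink) can both be checked for on the defender's side. The following Python example is added here and is not code from the article, from Imperva or from Chromium; it constructs its own sample archive and a throwaway symlink in a temporary directory, and the file names and link target in it are invented placeholders. It shows how a naive `open()` follows the link while a check with `os.lstat` plus `O_NOFOLLOW` refuses it, and how to scan an archive for symlink entries before extracting or trusting its contents.

```python
import io
import os
import stat
import tempfile
import zipfile

# Constructed sample archive: a "restore-keys.txt" entry that is stored as a
# symbolic link rather than a regular file. The link target is a placeholder
# path, not a value from the article.
def build_sample_archive(link_name="restore-keys.txt",
                         target="/home/user/example-credentials"):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo(link_name)
        # The Unix mode lives in the high 16 bits of external_attr;
        # S_IFLNK marks the entry as a symbolic link.
        info.external_attr = (stat.S_IFLNK | 0o777) << 16
        # For a symlink entry, the stored data is the link target path.
        zf.writestr(info, target)
        zf.writestr("README.txt", "constructed sample archive\n")
    return buf.getvalue()


def find_symlink_entries(zip_bytes):
    """Return (entry name, link target) for every entry stored as a symlink.

    Scanning the central directory this way lets a client or server refuse an
    archive before any entry is extracted or uploaded.
    """
    found = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16
            if stat.S_ISLNK(mode):
                target = zf.read(info).decode("utf-8", "replace")
                found.append((info.filename, target))
    return found


def read_upload_without_following_symlinks(path):
    """Read a user-selected file, refusing to follow a symbolic link.

    os.lstat inspects the link itself rather than its target, and O_NOFOLLOW
    (where the platform provides it) makes the open fail if the final path
    component is a symlink, closing the gap between the check and the open.
    """
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        raise PermissionError(f"refusing to read symbolic link: {path}")
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags)
    with os.fdopen(fd, "rb") as f:
        return f.read()


def demo():
    """Contrast a naive open with the guarded read on a constructed symlink.

    Returns (flagged archive entries, bytes the naive open leaked,
    whether the guarded read refused the link).
    """
    flagged = find_symlink_entries(build_sample_archive())
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")      # stands in for a sensitive file
        with open(secret, "w") as f:
            f.write("secret\n")
        link = os.path.join(d, "restore-keys.txt")  # what the user "selects"
        os.symlink(secret, link)
        with open(link, "rb") as f:                 # naive open follows the link
            leaked = f.read()
        try:
            read_upload_without_following_symlinks(link)
            refused = False
        except PermissionError:
            refused = True
    return flagged, leaked, refused


if __name__ == "__main__":
    flagged, leaked, refused = demo()
    print("symlink entries in archive:", flagged)
    print("naive open returned:", leaked)
    print("guarded read refused link:", refused)
```

The archive scan relies on the Unix mode bits that zip tools record in `external_attr`; an archive produced on Windows may carry no mode bits at all, so treat a zero mode as "unknown" rather than "regular file" if you apply this check to untrusted input.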