What happened now? A browser vulnerability affecting Chrome, Firefox, and Safari was discovered following a recent release of Chrome software. Google developers have identified a clipboard-based attack that allows malicious websites to overwrite the contents of a user’s clipboard when the user does nothing but visit a compromised web page. The vulnerability also affects all Chromium-based browsers, but appears to be most prevalent in Chrome, where the user gesture used to copy content is currently considered broken.
Google developer Jeff Johnson explained how the vulnerability could be caused in several ways, each of which grants the page permission to overwrite the contents of the clipboard. Once granted, users can be affected by actively triggering a cut or copy action, clicking links on a page, or even performing simple actions such as scrolling up or down on the relevant page.
Johnson elaborated on the error, pointing out that while Firefox and Safari users have to actively copy content to the clipboard using the Control+C or ⌘-C keys, Chrome users can be affected by just viewing a malicious page for no more than a fraction of a second. . second.
Johnson’s blog post links to video examples from Shime, a content creator specializing in content targeted at web developers. Shime’s demos show how quickly Chrome users can be affected, as the vulnerability is activated by simply switching between active browser tabs. No matter how long or what type of interaction the user takes, the malicious site instantly replaces any clipboard content with whatever the attacker chooses to deliver.
To be able to write to the clipboard, the website must be in an active tab. Switching tabs is fast enough. You don’t need to interact with the website or look at it for more than a tenth of a second. pic.twitter.com/KzsT6UByAq
— Shime (ˈshe-meh) (@simevidas) September 2, 2022
Johnson’s blog contains technical details describing how a page can gain permission to write to the system clipboard. One method uses the deprecated command, document.execCommand.
Another method takes advantage of more recent navigator.clipboard.writetext An API that has the ability to write any text to the clipboard without any additional steps. Johnson’s blog includes a demo of how both approaches work for the same vulnerability.
While the vulnerability may not appear dangerous at first glance, users should be aware of how attackers can use content sharing to take advantage of unsuspecting victims. For example, a fraudulent site may replace a previously copied URL with another fraudulent URL, unknowingly redirecting the user to additional sites designed to collect information and breach security.
The vulnerability also provides attackers with the ability to replace copied cryptocurrency wallet addresses stored on the clipboard with the address of another wallet controlled by the attacker. Once the transaction has gone through and the funds have been sent to the fraudulent wallet, there is usually little or no way for the affected user to trace and recover their funds.
According to Hacker News, Google is aware of the vulnerability and is expected to release a fix in the near future. Until then, users should exercise caution to avoid opening pages using copied content from the clipboard, and check the output of their copied content before continuing any activity that could compromise their personal or financial security.