Google Chrome bug allows sites to write to the clipboard without permission

Google Chrome 104 contains an interesting and nasty bug that allows websites to write data to the clipboard without the user’s permission. The problem is relevant not only for the browser from Google.

In addition to Chrome, the bug affects Safari and Firefox web browsers. Google developers acknowledged the existence of a gap, but the corresponding fix has not yet been prepared.

According to the description , the bug is present not only in the desktop, but also in the mobile version of the browser. What can threaten the exploitation of this problem? For example, let’s imagine the following scenario: attackers lure a user to a specially created site disguised as a cryptocurrency service.

Next, the user tries to make a payment and copies the address of the crypto wallet to the clipboard. And at this moment, a malicious resource can overwrite the data in the buffer and replace the wallet with one owned by cybercriminals.

As developer Jeff Johnson points out in a blog post , virtually all browsers have implemented clipboard writing functionality without proper checks and acceptable protection. For example, while testing Safari and Firefox, Johnson found that using the down key and mouse wheel to navigate gives the site the ability to write data to the clipboard.

By the way, you can check if this problem concerns you personally. To do this, go to webplatform.news and then paste the contents of the clipboard into a text application like Windows Notepad. If you see a message like a screenshot below, the bug is present in your browser.

Google Chrome bug allows sites to write to the clipboard without permission

Catch up on more articles here

Follow us on Twitter here

Popular

Must read

MORE ON THIS TOPIC:

Related Posts