Surfers beware: the latest out of Pandora’s box is the Google Chrome vulnerability tracked as CVE-2022-3656. The vulnerability allowed theft of crypto wallets and cloud data/credentials, essentially allowing easy theft of sensitive data and files on the system. It is specifically related to symlinks and the way browsers treat them.
The vulnerability was discovered through a review of the ways the browser interacts with the file system, specifically looking for common vulnerabilities related to the way browsers process symlinks.
How careful do you need to be?
This vulnerability does not affect users who surf the internet just for kicks. It affects crypto adopters and users keeping their data on cloud apps/wallets.
How does the vulnerability work?
Simply put, if the browser user is surfing an insecure website, or a website specifically designed to victimize its users, they may be redirected to a phishing page or a fake website pretending to be a crypto wallet service. The fake crypto wallet service may ask you to set up a free account or a free crypto wallet with them. Once you’ve created the wallet, the service may prompt you to download the secret key or the recovery key for the wallet. Whenever the secret/recovery key is needed to access the wallet, the website could prompt the user to upload the secret/recovery key zip file. This .zip file may also contain hidden symlinks, which most likely point to cloud services/apps on your system. As soon as you upload the secret key zip file, your sensitive file (stored on the cloud) would also be uploaded along with the security key.
“These keys would actually be a zip file containing a symlink to a sensitive file or folder on the user’s computer, such as a cloud provider credential. When the user unzips and uploads the ‘recovery’ keys back to the website, the symlink would be processed and the attacker would gain access to the sensitive file.”
How to protect yourself?
There is nothing better than keeping your system and browser updated with the latest security patches. Google claims to have patched this dangerous security vulnerability in Google Chrome 108, so make sure to update your Chrome browser if you haven’t already.