User credentials are at risk because of a Chromium Browser flaw

January 19, 2023

A recently fixed Chromium Browser flaw could have allowed threat actors to harvest files containing troves of data from users. According to reports, the flaw affected Google Chrome and Chromium-based browsers, and hackers could have exploited it before the patch.

According to an investigation, the issue stemmed from the way the browser handled symlinks when processing files and directories. Researchers explained that the browser did not properly check whether a symlink pointed to a location that was not intended to be accessible. As a result, an attacker could have stolen sensitive files.

Google classified the Chromium Browser flaw as a medium-severity issue.

Google rated the Chromium Browser flaw (CVE-2022-3665) as a medium-severity issue and described it as insufficient data validation in File System. The company released a fix in the last months of 2022.

The vulnerability is called SymStealer and belongs to a class of bugs known as symbolic link (symlink) following. In this kind of attack, a threat actor abuses symlinks to bypass a program's file system restrictions and make it operate on files it is not authorised to access.

The investigation of Google Chrome’s file handling found that when a user dragged and dropped a file onto a file input element, the browser resolved all the symlinks without warning.

In a potential attack, a threat actor could deceive a victim into visiting a fake website and downloading a ZIP file containing a symlink to an important file or folder on the device, such as credentials and wallet keys.

If the same symlink file is then uploaded back to the website as part of the infection chain, the browser follows the symbolic link, and hackers could exploit the flaw to access the actual file storing the key phrase.
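The validation the browser skipped can be applied by hand to an extracted download before the folder is dragged into any upload field. The following Python is an added example, not code from Chromium or from the researchers; the function names and the constructed sample folder are assumptions made for illustration.

```python
import os
import tempfile


def escaping_symlinks(root):
    """Return (link, resolved_target) for every symlink under root whose
    target resolves outside root. Symlinked directories are not descended."""
    root_real = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # commonpath compares whole path components, so /tmp/ab is
            # not mistaken for a child of /tmp/a.
            if os.path.commonpath([root_real, target]) != root_real:
                findings.append((os.path.relpath(path, root_real), target))
    return sorted(findings)


def demo():
    """Constructed sample: one ordinary file, one symlink that stays inside
    the folder, and one that points at a file outside it."""
    with tempfile.TemporaryDirectory() as base:
        outside = os.path.join(base, "outside-secret.txt")
        with open(outside, "w") as fh:
            fh.write("constructed placeholder\n")
        folder = os.path.join(base, "extracted")
        os.makedirs(os.path.join(folder, "docs"))
        with open(os.path.join(folder, "docs", "readme.txt"), "w") as fh:
            fh.write("hello\n")
        os.symlink("docs/readme.txt", os.path.join(folder, "inside-link"))
        os.symlink(outside, os.path.join(folder, "docs", "notes.txt"))
        return [(link, os.path.basename(target))
                for link, target in escaping_symlinks(folder)]


if __name__ == "__main__":
    for link, target in demo():
        print(f"symlink {link} resolves outside the folder -> {target}")
```

Any entry this reports looks like an ordinary file in the folder but would hand over a different file if a program followed it, so the folder should not be uploaded as is.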

Hackers could use this flaw to target organisations and users that hold cryptocurrency assets. The exploit could have become a serious threat, since more users hold digital assets today.

It is still unknown whether hackers exploited the flaw before the company patched it. Users should therefore handle their assets and keys with care to avoid data or fund loss.
