Experts Uncover Security Flaw in Chromium Browser Endangering Confidential Data

A recently identified and now-resolved vulnerability in Google Chrome and Chromium-based browsers has emerged, posing a significant risk. If exploited, this vulnerability could allow attackers to gain unauthorized access to sensitive files containing confidential information.

According to Ron Masas, a researcher at Imperva, the vulnerability stems from the improper handling of symbolic links (or symlinks) when the browser processes files and directories. The failure to verify whether a symlink directed to an unintended and accessible location permitted potential file theft.

Google has labeled this issue, identified as CVE-2022-3656, as medium-severity, citing a lack of sufficient data validation within the File System. The company released patches addressing the flaw in versions 107 and 108 of Chrome, made available in October and November 2022.

Labeled “SymStealer,” the vulnerability is fundamentally tied to a known weakness involving symlink following, which allows attackers to navigate file system restrictions and access unauthorized files. Imperva’s investigation into Chrome’s file handling found that when a user drags and drops a folder onto a file input element, the browser recursively resolves all symlinks without issuing any warnings.

In a plausible attack scenario, a hacker could deceive a victim into downloading a ZIP file that includes a symlink pointing to sensitive information on their system, such as cryptographic wallet keys. If the victim then uploads this symlink back to a phishing website—say, one disguised as a crypto wallet service—the exploit could grant the attacker access to the actual file containing the key by following the symbolic link.

To enhance the effectiveness of the exploit, Imperva’s proof-of-concept employed CSS methods to adjust the file input element’s dimensions. This manipulation ensures that the file upload is triggered regardless of where the folder is dropped, facilitating the covert theft of information.

This vulnerability highlights a growing trend where hackers focus on individuals and organizations managing cryptocurrency, given the significant value of these digital assets. Attackers frequently utilize software vulnerabilities to breach crypto wallets and illicitly access funds.

The tactics potentially employed in this scenario align with the MITRE ATT&CK framework, encompassing techniques related to initial access, as attackers may establish footholds by misleading users into performing specific actions, as well as privilege escalation through the exploitation of vulnerabilities within trusted software environments.

As organizations become increasingly aware of such vulnerabilities, continuous vigilance and effective cybersecurity measures are critical to safeguard sensitive information against potential threats. Businesses are urged to stay updated on software patches and enhance user awareness regarding phishing tactics and vulnerabilities.