Google Chrome is a widely used web browser, with billions of users around the world. Imperva Red, a cyber security company, discovered a security flaw in Google Chrome that could have affected the data of more than 2.5 billion people. The vulnerability, tracked as CVE-2022-3566, allowed the theft of sensitive files such as cloud provider credentials and crypto wallets.
According to the blog post, the vulnerability was discovered by examining how the browser interacts with the file system, looking specifically for flaws in the way browsers process symlinks.
What is a Symlink?
Imperva Red defines symbolic links (symlinks) as files that point to another file or directory. The operating system can treat the linked file or directory as if it were at the symlink's location. Symlinks can be used to create shortcuts, redirect file paths, or organize files in a more flexible manner.
If they aren’t handled correctly, these links could also be used as a way to create vulnerabilities.
In Google Chrome's case, the problem lay in the way the browser handles symlinks while processing files and directories. The blog post explains that the browser failed to properly check whether a symlink pointed to a location that was not intended to be accessible, which allowed the theft of sensitive files.
How did symlinks affect Chrome?
The firm explained how the vulnerability affected Google Chrome. It stated that an attacker could create a fake website offering a new cryptocurrency wallet service. This website could then trick the user into downloading their "recovery" keys and creating a new wallet.
These keys are actually a zip file that contains a symlink to a sensitive file or folder on the user's hard drive, such as a cloud provider credential. The blog states that the symlink is processed when the user unzips the "recovery" keys and then uploads them back to the website.
Imperva Red claims that it notified Google about the vulnerability, and that the issue was resolved in Chrome 108. Users are advised to keep their software current to avoid such vulnerabilities.