Details about vulnerabilities currently being patched in Google Chrome and Chromium-based browsers have emerged. A successful exploit could have siphoned files containing sensitive data.
“This problem arose from the way browsers interacted with symbolic links when dealing with files and directories,” said Imperva researcher Ron Masas. “Specifically, browsers did not properly check if symbolic links pointed to locations that were not accessible, which could lead to theft of sensitive files.”
At its core, this vulnerability, called SymStealer, relates to a class of vulnerabilities known as symbolic link chasing, which occurs when an attacker abuses this feature to bypass a program’s file system restrictions and manipulate unauthorized files.
Imperva’s analysis of Chrome’s file handling mechanism (and, by extension, Chromium’s) found that when users drag and drop a folder directly onto a file input element, the browser recursively resolved all symlinks without warning.
In a hypothetical attack, an attacker could trick a victim into visiting a fake website and downloading a ZIP archive file containing symbolic links to important files or folders on their computer, such as wallet keys or credentials.
When the same symlink file is uploaded to a website as part of an infection chain (for example, a crypto wallet service asking users to upload a recovery key), this vulnerability can be exploited to reveal the actual file containing the key phrase, which is accessed through the symbolic link.
To add even more credibility, a proof of concept (PoC) devised by Imperva uses CSS tricks to resize the file input element so that the file upload is triggered no matter where the folder is dropped on the page, which enables information theft.
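The check described above as missing can be sketched as follows. This is an added example, not Imperva's PoC or Chromium's code: it walks a folder before its contents are read and reports every symlink whose resolved target lies outside that folder. The function names `escaping_symlinks` and `build_sample_tree` and the sample file names are hypothetical.

```python
import os
import tempfile


def escaping_symlinks(root):
    """Return sorted (link, resolved_target) pairs for links under root that leave it."""
    root = os.path.realpath(root)
    findings = []
    # followlinks=False: the audit itself never descends through a symlink.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            entry = os.path.join(dirpath, name)
            if not os.path.islink(entry):
                continue
            # realpath resolves the whole chain and tolerates dangling links.
            target = os.path.realpath(entry)
            if os.path.commonpath([root, target]) != root:
                findings.append((os.path.relpath(entry, root), target))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample: an 'upload' folder beside a file it must not reach."""
    outside = os.path.join(base, "outside")
    upload = os.path.join(base, "upload")
    os.makedirs(outside)
    os.makedirs(os.path.join(upload, "sub"))
    for path in (os.path.join(outside, "secret.txt"), os.path.join(upload, "notes.txt")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    os.symlink("notes.txt", os.path.join(upload, "inner"))  # stays inside
    os.symlink(os.path.join("..", "outside", "secret.txt"),
               os.path.join(upload, "recovery.txt"))  # leaves the folder
    os.symlink(outside, os.path.join(upload, "sub", "dirlink"))  # directory link out
    return upload


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link, target in escaping_symlinks(build_sample_tree(tmp)):
            print(f"refuse {link}: resolves outside the folder to {target}")
```

The link named `inner` is not reported because its target stays within the folder, so a policy built on this check rejects only links that escape.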
“Hackers are increasingly targeting individuals and organizations holding cryptocurrencies because these digital assets can be so valuable,” said Masas. “One common tactic used by hackers is to exploit software vulnerabilities […] in order to access crypto wallets and steal the funds contained therein.”