The current, live version of Google Chrome – version 104 – saw the introduction of a bug that could compromise your sensitive data.
Normally, clipboard writing event must be approved by a user, however the bug, found by security expert Jeff Johnson (opens in new tab), has been found to have removed this requirement.
Many of us use our clipboard tens or hundreds of times a day for copying and pasting information from one location to another, and some of this information could contain sensitive information like phone numbers, addresses, passwords and login details, and even payment information.
Chrome clipboard bug
Johnson fears that scams based on this defect could be used to lure users into copying their wallet address into the system clipboard on fake cryptocurrency sites, which could place a risk on an entire digital wallet.
He warns that Google’s web browser isn’t the only one to use such a system; the same source indicates that Safari and Firefox also “allow web pages to write to the system clipboard”, but they have gesture-based protections to provide an element of security.
Johnson summarises the lack of adequate safeguards against protecting system clipboards across all applicable web browsers.
The most commonly used user gesture is Ctrl+C (or Cmd+C for Mac users), however he found that simply pressing the down arrow key to scroll through a website was enough to give sites permission to the computer clipboard.
Handily, there are sites to check whether you are affected. One such site is webplatform.news (opens in new tab), which when visited, may be able to add to your clipboard. All you need to do is visit the site and paste whatever may be in your clipboard into a blank space like a new Word document. If you see the following, the browser you’re using is putting your security at compromise:
“Hello, this message is in your clipboard because you visited the website Web Platform News in a browser that allows websites to write to the clipboard without the user’s permission. Sorry for the inconvenience. For more information about this issue, see https://github.com/w3c/clipboard-apis/issues/182.”
Google’s team of Chrome developers is aware of the issue, however a fix is yet to be found.
Via Bleeping Computer (opens in new tab)
