A vulnerability in Google Chrome has put at risk the data of more than 2.5 billion browser users worldwide. According to cybersecurity firm Imperva, the flaw allowed attackers to steal sensitive information, cloud provider credentials and even cryptocurrencies.
In a report released on 11th January, the company explained that the flaw arose from the way the search giant’s browser handled symbolic links when processing directories and files. These links are used to create shortcuts, redirect paths, and organize files.
However, the software did not correctly check whether a symbolic link pointed to a location that was not meant to be accessible, making it easier to steal sensitive files. In a possible attack scenario, cybercriminals could induce a cryptocurrency wallet user, for example, to visit a fake website and download a file containing a symbolic link to a folder on the device.
By running the file, which posed as the service's recovery keys, the victim would end up opening the door to the attackers, giving them access to the original file with the real credentials. The company did not say whether this flaw in Google Chrome was ever exploited.
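As an added example (not code from Imperva's report or from Chrome), here is a defensive check of the kind the browser was missing: walk a folder without following links and flag every symbolic link whose resolved target lies outside that folder. The helper names, folder layout and file names are constructed for the demonstration.

```python
import os
import tempfile

def find_escaping_symlinks(root):
    """Return sorted (link, resolved_target) pairs for symlinks under root that leave it."""
    root_real = os.path.realpath(root)
    findings = []
    # os.walk does not descend into symlinked directories by default, but it
    # still lists them in dirnames, so both name lists must be inspected.
    for dirpath, dirnames, filenames in os.walk(root_real):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath resolves the whole chain, including link-to-link hops.
            target = os.path.realpath(path)
            try:
                inside = os.path.commonpath([root_real, target]) == root_real
            except ValueError:  # e.g. paths on different drives on Windows
                inside = False
            if not inside:
                findings.append((os.path.relpath(path, root_real), target))
    return sorted(findings)

def build_sample():
    """Constructed sample: a 'download' folder and a sensitive file outside it."""
    base = os.path.realpath(tempfile.mkdtemp())
    download = os.path.join(base, "download")
    docs = os.path.join(download, "docs")
    os.makedirs(docs)
    os.makedirs(os.path.join(base, "wallet"))
    secret = os.path.join(base, "wallet", "recovery_keys.txt")
    with open(secret, "w") as fh:
        fh.write("constructed placeholder\n")
    with open(os.path.join(docs, "readme.txt"), "w") as fh:
        fh.write("ordinary file\n")
    # A link that stays inside the folder, one that escapes it, and a chained link.
    os.symlink(os.path.join(docs, "readme.txt"), os.path.join(download, "ok_link"))
    os.symlink(secret, os.path.join(download, "keys.txt"))
    os.symlink(os.path.join(download, "keys.txt"), os.path.join(docs, "hop"))
    return download, secret

if __name__ == "__main__":
    folder, _ = build_sample()
    for link, target in find_escaping_symlinks(folder):
        print(f"{link} -> {target}")
```

The link that stays inside the folder is not reported, while both the direct link and the chained link to the outside file are.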
Edge and others were also affected
Technically identified as CVE-2022-3656, the vulnerability in Chrome also affected other Chromium-based browsers. That is, users of Microsoft Edge, Mozilla Firefox and Opera, among other programs, were at the same risk of having sensitive data accessed by attackers.
Dubbed SymStealer by researchers, the bug was reported to Google shortly after its discovery last year, and Google classified it as medium severity. The good news is that the problem was fixed quickly, through updates to Chrome 107 and Chrome 108, released in October and November, respectively.
To avoid any risks, the recommendation is to update Google Chrome immediately if you’re using older versions. “It is important to always keep your software up to date to protect against the latest vulnerabilities and ensure that your personal and financial information remains secure,” the cybersecurity company warned.