Google Chrome Symlink Vulnerability: Protect Your Files


 

April 26, 2023

The Imperva Red Team recently disclosed a vulnerability, dubbed CVE-2022-3656, affecting over 2.5 billion users of Chromium-based browsers.

When a security vulnerability is discovered in any popular application or service, it has the potential to put many internet users at risk.

Recently, the Imperva Red Team discovered a vulnerability in Google Chrome and Chromium-based browsers that threatened 2.5 billion users and could lead to the theft of sensitive files like crypto wallet credentials.

Understanding how this vulnerability works can help the 20% of Americans who hold cryptocurrency safeguard their investment and identify potentially malicious behavior.

This vulnerability, dubbed CVE-2022-3656, was discovered during a review of how Chrome and other Chromium-based browsers interact with file systems, specifically how the browser processes symlinks.

A symlink, also referred to as a symbolic link, is a type of file that links to another file or directory, allowing the operating system to treat the linked asset as if it lived at the symlink’s location. Symlinks are frequently used when redirecting file paths, creating shortcuts, or organizing files, making them critical to browser operability. The problem arises when they are not properly managed.

In the case of CVE-2022-3656, the browser did not adequately confirm whether the symlink was directed to a location that was actually intended to be accessible. This would allow threat actors to access prohibited files and steal sensitive data. This practice is referred to as symbolic link following. When inspecting the APIs commonly used for file uploads, it was discovered that under certain circumstances, the browser incorrectly processed symbolic links, recursively resolving them without any additional warning or confirmation.

In practice, this presented another attack vector for threat actors. For instance, crypto wallets and other online services often require users who lose access to their account to download “recovery” keys which can then be uploaded to the website as a form of authentication. A threat actor could take advantage of this by creating a false crypto wallet website and tricking an unsuspecting victim into creating a new wallet by asking them to download what appears to be basic recovery keys. In reality, these keys would be a zip file containing a symlink to sensitive data on the user’s computer. When the file is unzipped and uploaded to the fake website, that symlink would be instantly processed, providing the threat actor with clear access to the sensitive file. In short, because Chromium-based browsers immediately process symlinks without any secondary authentication, users can be easily tricked into giving cybercriminals direct access to their most sensitive information, without even realizing it.

When in Doubt, Skip the Download and Bolster Defenses

After the vulnerability was disclosed to Google, the issue was fully resolved in Chrome 108. However, individuals and organizations holding cryptocurrencies should be on alert to protect their credentials and their funds.

Most critically, it’s important to keep software up-to-date and avoid downloading files or clicking links from untrusted sources. Hardware wallets not connected to the internet should be used when storing cryptocurrency as they are less vulnerable. Additional protections like two-factor authentication should be used whenever possible.

This vulnerability is another reminder that users must be proactive against suspicious cyber activity, especially when sensitive cryptocurrency or data is involved.


Ron Masas, Lead Vulnerability Researcher, Imperva
Ron Masas is a Lead Vulnerability Researcher at Imperva. His research areas include privacy on the web, web application security, and side-channel attacks. His research has been acknowledged by well-known vendors, including Apple, Google, and Facebook, for his contributions to discovering vulnerabilities and improving the security of their products.

 
