Chrome users around the world have been given a new scare this week, as a new vulnerability has been reported that allows hackers to steal users’ confidential information. According to the new security update, all Chromium-based web browsers have a high vulnerability risk, which has given hackers access to people’s systems and stolen details such as user login information and crypto wallets.
The problem is likely to cause concern for the more than 2 billion Chrome users worldwide. Imperva security experts have raised the alarm, explaining the main reason for this possible breach.
CHROME SECURITY RISK: WHAT IS THE ISSUE
The firm says Chrome browsers are facing issues related to the file systems interacting with the browser, the process known as symlinks. These are files that point to another file or directory, as highlighted by the security firm. “This can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way,” the researchers explained in a blog post.
So, how does the symlink problem endanger anything? According to Imperva, Chrome is not properly checking if the symlink was pointing to a location, and in such cases, vulnerabilities can arise, which is exactly what has happened on Chromium in the last few days.
If attackers discover this flaw, they can simply set up a website and ask users to download their recovery keys, giving them access to sensitive information. The most concerning aspect is that people may be unaware that they are providing such vital information to bad actors, which can then be used to steal other details or even money.
Has Google done anything to address the issue? The answer is yes. Google first detailed the vulnerability in its risk assessment before issuing a patch via Chrome 108. According to the company, if you intend to download recovery keys from the browser, make sure you have this version of Chrome installed and updated on your systems.