Google Chrome Bug Lets Sites Write to Clipboard Without Asking

There was an unintended bug introduced in version 104 of Google Chrome. It has been found in the bug that there is no need for users to approve clipboard writing events when they visit websites that require this approval.

This security flaw has been identified on August 28 2022 by the security analyst, Jeff Johnson.

Google Chrome is not the only browser that provides this functionality. While Web pages can also be recorded to the system clipboard by Safari and Firefox, they are still protected by gestures in order to prevent the clipboard content from being copied.

EHA

A fix for this problem has yet to be released by the Chrome developers, but they have identified the problem. This issue has been noted in both mobile and desktop versions of the Google Chrome browsers.

Overwriting your system clipboard

It is an operating system’s default function to store temporary data in the system clipboard. Copy-pasting is often used to paste data into a document and sensitive information may be involved in some cases like:-

  • Banking account numbers
  • Cryptocurrency wallet strings
  • Passwords
  • Debit card numbers
  • Credit card numbers

It is possible for users to become victims of malicious activities if this temporary storage space is overwritten with arbitrary content using the overwrite functionality.

Using specially crafted web pages, threat actors could simulate a legitimate cryptocurrency service in an attempt to lure users to their websites. 

There is the possibility that the website could write to the clipboard the address of the threat actor when the user tries to make a payment by copying their wallet address to the clipboard.

The user may be presented with additional content when selecting text to copy from a web page on some websites. There is no way for the user to see or control what content is being copied when the clipboard fills up with arbitrary data.

Know impacted or not?

Using “webplatform(.)news”, you can determine whether or not this issue is affecting your web browser, so check that out. You can then copy the contents of your clipboard into a text editor and paste them there.

The issue does not affect all Chromium-based browsers, but it is affecting some of them. This “StopTheMadness” extension can be used by users who are extremely concerned about this problem.

Secure Azure AD Conditional Access – Download Free White Paper

Posted by Charlie