Our #TECH_Newser covers ‘news of the day’ #techNewserTechnology content.
Google Chrome bug could let dodgy websites mess with your clipboard
The current, live version of Google Chrome – version 104 – saw the introduction of a bug that could compromise your sensitive data.
Normally, clipboard writing event must be approved by a user, however the bug, found by security expert Jeff Johnson (opens in new tab), has been found to have removed this requirement.
Many of us use our clipboard tens or hundreds of times a day for copying and pasting information from one location to another, and some of this information could contain sensitive information like phone numbers, addresses, passwords and login details, and even payment information.
Chrome clipboard bug
Johnson fears that scams based on this defect could be used to lure users into copying their wallet address into the system clipboard on fake cryptocurrency sites, which could place a risk on an entire digital wallet.
He warns that Google’s web browser isn’t the only one to use such a system; the same source indicates that Safari and Firefox also “allow web pages to write to the system clipboard”, but they have gesture-based protections to provide an element of security.
Johnson summarises the lack of adequate safeguards against protecting system clipboards across all applicable web browsers.
The most commonly used user gesture is Ctrl+C (or Cmd+C for Mac users), however he found that simply pressing the down arrow key to scroll through a website was enough to give sites permission to the computer clipboard.
Handily, there are sites to check whether you are affected. One such site is webplatform.news (opens in new tab), which when visited, may be able to add to your clipboard. All you need to do is visit the site and paste whatever may be in your clipboard into a blank space like a new Word document. If you see the following, the browser you’re using is putting your security at compromise:
“Hello, this message is in your clipboard because you visited the website Web Platform News in a browser that allows websites to write to the clipboard without the user’s permission. Sorry for the inconvenience. For more information about this issue, see https://github.com/w3c/clipboard-apis/issues/182.”
Google’s team of Chrome developers is aware of the issue, however a fix is yet to be found.
Via Bleeping Computer (opens in new tab)
‘News of the Day’ content, as reported by public domain newswires.
Source Information (if available)
It appears the above article may have originally appeared on www.techradar.com and has been shared elsewhere on the internet, repeatedly. News articles have become eerily similar to manufacturer descriptions.
We will happily entertain any content removal requests, simply reach out to us. In the interim, please perform due diligence and place any content you deem “privileged” behind a subscription and/or paywall.
First to share? If share image does not populate, please close the share box & re-open or reload page to load the image, Thanks!