Recently Identified Browser Bug Allows Websites to Overwrite Clipboard Content
What just happened? A browser vulnerability affecting Chrome, Firefox and Safari has been discovered due to a recent release of Chrome software. Google developers have identified the clipboard-based attack, which allows malicious websites to overwrite the contents of a user’s clipboard when the user does nothing but visit a page Web compromised. The vulnerability also affects all Chromium-based browsers, but appears to be most prevalent in Chrome, where a user gesture used to copy content is currently reported as faulty.
Google developer Jeff Johnson explained how the vulnerability can be triggered in several ways, all of which grant the page permissions to overwrite clipboard content. Once granted, users can be affected by actively initiating a cut or copy action, clicking links within the page, or even taking actions as simple as scrolling up or down on the page. page in question.
Johnson explained the bug, pointing out that while Firefox and Safari users need to actively copy content to the clipboard using Control+C or ⌘-C, Chrome users may be affected by simply viewing a malicious page for no more than a fraction of the time. second.
Johnson’s blog post references video examples of Same, a content creator specializing in content for web developers. Šime’s demonstrations reveal how quickly Chrome users can be affected, with the vulnerability being triggered simply by switching between active browser tabs. Regardless of the duration or type of user interaction, the malicious site instantly replaces the contents of the clipboard with whatever the threat actor decides to deliver.
To be able to write to the clipboard, the website must be in the active tab. Quickly switching tabs is enough. You don’t need to interact with the website or watch it for more than a tenth of a second. pic.twitter.com/KzsT6UByAq
— Šime (ˈshe-meh) (@simevidas) September 2, 2022
Johnson’s blog provides technical details describing how a page can obtain permission to write to the system clipboard. One method uses a now obsolete command, document.execCommand.
Another method takes advantage of the newer navigator.clipboard.writetext API, which has the ability to write any text to the clipboard with no additional action required. Johnson’s blog includes a demonstration of how both approaches to the same vulnerability work.
Although the vulnerability may not appear harmful at first glance, users should remain aware of how malicious actors can leverage content exchange to exploit unsuspecting victims. For example, a fraudulent site may replace a previously copied URL with another fraudulent URL, unknowingly leading the user to additional sites designed to capture information and compromise security.
The vulnerability also gives threat actors the ability to replace copied cryptocurrency wallet addresses saved in the clipboard with the address of another wallet controlled by a malicious third party. Once the transaction has taken place and the funds are sent to the fraudulent wallet, the victimized user usually has little or no ability to trace and recover their funds.
According to The Hacker News, Google is aware of the vulnerability and should release a patch in the near future. Until then, users should exercise caution by avoiding opening pages using content copied to the clipboard and verify the output of their copied content before continuing with any activity that may compromise their personal or financial security.