Google Chrome bug could let dodgy websites mess with your clipboard

By Scott Marlette Last updated Sep 2, 2022

The current, live version of Google Chrome – version 104 – saw the introduction of a bug that could compromise your sensitive data.

Normally, clipboard writing event must be approved by a user, however the bug, found by security expert Jeff Johnson (opens in new tab), has been found to have removed this requirement.

Many of us use our clipboard tens or hundreds of times a day for copying and pasting information from one location to another, and some of this information could contain sensitive information like phone numbers, addresses, passwords and login details, and even payment information.

Chrome clipboard bug

Johnson fears that scams based on this defect could be used to lure users into copying their wallet address into the system clipboard on fake cryptocurrency sites, which could place a risk on an entire digital wallet.

He warns that Google’s web browser isn’t the only one to use such a system; the same source indicates that Safari and Firefox also “allow web pages to write to the system clipboard”, but they have gesture-based protections to provide an element of security.

Johnson summarises the lack of adequate safeguards against protecting system clipboards across all applicable web browsers.

The most commonly used user gesture is Ctrl+C (or Cmd+C for Mac users), however he found that simply pressing the down arrow key to scroll through a website was enough to give sites permission to the computer clipboard.

Handily, there are sites to check whether you are affected. One such site is webplatform.news (opens in new tab), which when visited, may be able to add to your clipboard. All you need to do is visit the site and paste whatever may be in your clipboard into a blank space like a new Word document. If you see the following, the browser you’re using is putting your security at compromise:

“Hello, this message is in your clipboard because you visited the website Web Platform News in a browser that allows websites to write to the clipboard without the user’s permission. Sorry for the inconvenience. For more information about this issue, see https://github.com/w3c/clipboard-apis/issues/182.”

Google’s team of Chrome developers is aware of the issue, however a fix is yet to be found.

Via Bleeping Computer (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.