Threat to 250 million users of Google Chrome, flaw found in browser, allows scammers to access data


Vulnerability found in Google Chrome Chromium-based browsers.
Imperva Red Company reported this error.
To avoid this, the user should update his software.

New Delhi. Google Chrome is used all over the world. This web browser is popular all over the world. Meanwhile, information about security breaches in the browser has surfaced, causing concern among browser users. In fact, a cyber security firm called Imperva Red has identified a flaw in Google Chrome and Chromium-based browsers, putting 2.5 billion (250 crore) user data at risk.

The company said a flaw in the browser allowed stealing sensitive files. According to the company, the flaw was discovered through a review of the way the browser interacts with the file system. Specifically, it allows data theft with simple flaws related to browser process symlinks.

What is symlink?
Imperva Red defines a symlink or a symbolic link as a file. It points to another file. This allows the operating system to treat the file as a link. Using symlinks can be useful for creating shortcuts, redirecting file paths, or organizing files in a flexible way. However, if such a link is not handled properly, it can also be used to introduce vulnerabilities.

Read more – Now login to Google Chrome without password, work will be done instantly

Symlinks are not properly checked
In the case of Google Chrome, there are issues with the way the browser interacts with symlinks when processing files and directories. In this case, the symlink did not properly check that the symlink was pointing to a location that was not intended to be accessible, allowing sensitive files to be stolen.

How did symlinks affect Google Chrome?
The firm says the scammer can create a fake website, which offers a new crypto wallet service. The website prompts the user to download his ‘recovery’ key, at which point he can fraudulently create a new wallet.

This key will be a zip file containing a symlink to a sensitive file or folder on the user’s computer, such as a cloud provider certificate. When users unzip the recovery key and upload it back to the website, the symlink will be processed and the scammer will gain access to the sensitive file.

What should Chrome users do?
Imperva Red said it notified Google about the bug and that the issue has been fully resolved in Chrome 108. Users are advised to always keep their software updated to avoid such vulnerabilities.

Tags: Google, Google sequence, Technology news, technology news in hindi


Scroll to Top