Clipboard is freely accessible in Chromium-based browsers

0

Chromium-based web browsers such as Microsoft’s Edge or Google’s Chrome allow websites in their current versions to access the system clipboard without user interaction. This allows websites to put their data on the clipboard, which careless users can then copy into forms, for example. This becomes a risk when dealing with cryptocurrency transactions or similar data.

Because there is passive, otherwise required user interaction: A Microsoft employee encountered a problem with the function when opening a new tab in a test NewTabPageDoodleShareDialogFocusTest.All fail. However, everything worked as expected, without the prior user action required by pressing the Ctrl + C key combination to access the clipboard. Without further ado, the imperative requirement of users had to give way to functional testing.

In the bug report, the developer states that this is not a good solution and should be changed: “We have disabled the user interaction requirement for read/write for a while, but we should reconsider.” There has been an ongoing controversy in the bug tracker over the significance of the fix for this unexpected and security-critical behavior. After all, the developers recognized a certain urgency.

However, other web browsers such as Safari or Firefox force a previous user action to access the clipboard. Now that the current mishandling of Chromium-based web browsers regarding the clipboard is known, a fix should be coming soon.

However, until web browsers such as Chrome or Edge become secure in this regard, users should carefully check whether the data is actually accurate before pasting the copied content into forms or documents. If a visited website copies the wrong wallet number or bitcoin address to the clipboard, the encrypted money could otherwise be routed irrevocably to the wrong recipient – that’s exactly what the Avery malware did by visualizing and manipulating the clipboard. has been.


(DMK)

on the home page

Share.

Comments are closed.