Chrome users across the globe have got a new scare this week because a new vulnerability has been reported that can allow hackers to steal the confidential details of users.
The new security update states that all Chromium-based web browsers carry a high vulnerability risk that has given hackers access to people’s systems and stole details that includes user login information and crypto wallets as well.
The issue is likely to cause concerns for over 2 billion users, which is the number of Chrome users out there. Security experts from Imperva have raised the alarm bells explaining the main reason for this possible breach. Chrome Security Risk:
What Is The Issue
The firm says Chrome browsers are facing issues related to the file systems interacting with the browser, the process known as symlinks. These are files that point to another file or directory, as highlighted by the security firm. “This can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way,” the researchers explained in a blog post.
So how does the symlink issue pose any risk? Guys at Imperva say that Chrome is not properly checking if the symlink was pointing to a location, and in such cases, it is possible for vulnerabilities to crop up, which is exactly what has happened on Chromium in the past few days.
If the attackers come to know about this loophole, they can simply create a website and ask users to download their recovery keys which gives them access to confidential details. The most worrying thing is that people might not even know that they are handing over such vital information to the bad actors, which can be misused to steal other details or even money.
Has Google done anything to fix the problem, the answer is yes. Google first detailed the vulnerability with its risk assessment, and later issued a patch via the Chrome 108 version. The firm says if you are planning to download recovery keys from the browser make sure you have this version of Chrome installed/updated on your systems.