If you haven’t updated your browser in a while you should do so immediately, as a new high-severity vulnerability has been discovered that affects Google Chrome and other Chromium-based browsers like Microsoft Edge.
The vulnerability, dubbed SymStealer and tracked as CVE-2022-3656, was first discovered by security researchers at Imperva and more than 2.5 billion users could be at risk of potential attacks if they aren’t running the latest version of Chrome.
If exploited, an attacker could use this vulnerability to steal sensitive files from a users’ computer including banking and crypto wallet credentials that could then be used to drain their accounts.
Chrome’s popularity comes with a number of benefits like compatibility and frequent security audits but as the most widely used browser with a 65.52% market share according to a blog post from Imperva, it’s also a very attractive target for hackers and other cybercriminals.
SymStealer vulnerability
The vulnerability itself involves symlinks or symbolic links which are a type of file that points to another file or directory. Symlinks are often used for creating shortcuts, redirecting file paths or organizing files in a more flexible way. However, they can also introduce vulnerabilities.
Imperva’s researchers discovered an issue in Chrome where the browser did not properly check to see if symlinks were pointing to a location that wasn’t supposed to be accessible. This could allow an attacker to steal sensitive files from a victim’s machine.
In one attack scenario laid out by the firm, an attacker could create a fake website that offers a new crypto wallet service. This website could then trick a user into creating a new wallet by requesting they download their recovery keys.
While a user would think they were downloading their keys, the file itself would actually contain a symlink to a sensitive file or folder on their computer. After unzipping the file and uploading their recovery keys back to the fake website, the symlink would then be processed and the attacker would gain access to a sensitive file.
Fortunately, Imperva’s researchers disclosed the vulnerability to Google and the search giant rolled out a fix in Chrome 107. However, this didn’t fully address the issue which is why a permanent fix was included with the release of Chrome 108.
How to stay safe from browser-based attacks
If you’re using Chrome, Microsoft Edge, Brave, Vivaldi, Opera or any other Chromium-based browser, you should download and install the latest updates immediately to protect the sensitive files on your computer from being stolen.
Although there haven’t been any instances of this security flaw being exploited in the wild, attackers could come up with exploits targeting users that are still running vulnerable versions of Chrome or other Chromium browsers.
Besides keeping your browser and other software up to date, you should also consider installing the best antivirus software to help keep you protected from malware and other cyber threats.
