Google Chrome has been hit by a new security flaw and it has affected more than 2 billion users! Cyber security firm Imperva Red has disclosed a high-severity vulnerability, tracked as CVE-2022-3656, which has been affecting Google Chrome and other Chromium-based browsers. The security flaw allows the theft of sensitive files such as cryptocurrency wallets and login credentials. The cyber security company says that in this case, "the vulnerability was discovered through a review of the ways the browser interacts with the file system, specifically looking for common vulnerabilities related to the way browsers process symlinks."
For those who are unaware, symlinks, or symbolic links, are files that point to another file. “This can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way,” the blog mentioned. The Imperva team explained that symlinks can also introduce vulnerabilities, which is how this flaw came to affect Chrome browsers.
While explaining a potential attack scenario, the cyber security research team said that a threat actor can create a fake cryptocurrency wallet website that asks users to download their recovery keys. The downloaded file will actually be a symlink to a file or folder on the user's computer, which could hold sensitive data such as login credentials for a cloud provider. The saddest part is that users will not be aware that their sensitive data has leaked.
“In the attack scenario described above, the attacker would take advantage of this common practice by providing the user with a zip file containing a symlink instead of actual recovery keys. When the user unzips and uploads the file, the symlink would be processed, allowing the attacker to gain access to sensitive files on the user's