A Symlink Following Vulnerability That Put 2.5 Billion Chrome Users at Risk
An analysis of how Google Chrome, and other browsers built on the Chromium project, handle symbolic links revealed a vulnerability that can lead to the theft of sensitive data, including crypto wallet files and cloud provider credentials. It is tracked as CVE-2022-3656.
The issue was partially fixed in Chrome 107 and fully fixed in Chrome 108. It was discovered by the security firm Imperva, whose red team tested Chrome and Chromium-based browsers.
What is a Symbolic Link Following Vulnerability?
A symbolic link (symlink) is a file system entry that points at a file or directory stored elsewhere; a program that opens the symlink is transparently redirected to its target. That makes symlinks convenient for redirecting file paths and creating shortcuts. A symlink following vulnerability arises when a program follows a symlink without checking where it points or asking the user, and so reads files it was never meant to access. That is what happened in Chrome: when a user selected or dropped a directory for upload, the browser walked it recursively, followed any symlinks inside it and read their targets, even when those targets lay outside the directory the user had chosen.
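To make the behaviour concrete, here is an added example (not Chromium's or Imperva's code) of two directory collectors of the kind an upload feature would use: one that follows symlinks, as the text describes, and a hardened one that never follows them and additionally refuses any entry whose resolved path escapes the chosen folder. The directory layout, file names and credential contents are constructed for the demonstration.

```python
from __future__ import annotations

import os
import tempfile


def collect_following_symlinks(root: str) -> dict[str, bytes]:
    """Naive collector, modelling the behaviour described above:
    os.walk(followlinks=True) descends into symlinked directories and
    open() follows file symlinks, so whatever the folder links to is read
    and would be sent along with the upload."""
    collected: dict[str, bytes] = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=True):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:  # follows the link to its target
                collected[os.path.relpath(path, root)] = f.read()
    return collected


def collect_confined(root: str) -> dict[str, bytes]:
    """Hardened collector: never follows symlinks, and additionally refuses
    any entry whose resolved path lies outside the chosen directory."""
    real_root = os.path.realpath(root)
    collected: dict[str, bytes] = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Prune symlinked directories so they are neither listed nor entered.
        dirnames[:] = [d for d in dirnames
                       if not os.path.islink(os.path.join(dirpath, d))]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink, whatever it points at: skip it
            real = os.path.realpath(path)
            if os.path.commonpath([real_root, real]) != real_root:
                continue  # defence in depth: resolved target escaped root
            # O_NOFOLLOW closes the race between the islink() check and open().
            fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
            with os.fdopen(fd, "rb") as f:
                collected[os.path.relpath(path, root)] = f.read()
    return collected


def build_scenario(base: str) -> str:
    """Constructed layout (not real data): a 'home' directory holding a
    credentials file, and the 'recovery-keys' folder the victim unzipped,
    which contains a symlink to that file and a symlink to the directory."""
    home = os.path.join(base, "home")
    upload_dir = os.path.join(base, "recovery-keys")
    os.makedirs(home)
    os.makedirs(upload_dir)
    with open(os.path.join(home, "credentials"), "w") as f:
        f.write("aws_secret_access_key = EXAMPLE\n")
    with open(os.path.join(upload_dir, "README.txt"), "w") as f:
        f.write("upload this folder to verify your wallet\n")
    os.symlink(os.path.join(home, "credentials"), os.path.join(upload_dir, "keys.txt"))
    os.symlink(home, os.path.join(upload_dir, "backup"))
    return upload_dir


def demo() -> tuple[dict[str, bytes], dict[str, bytes]]:
    """Run both collectors over the constructed folder and return their results."""
    with tempfile.TemporaryDirectory() as base:
        upload_dir = build_scenario(base)
        return collect_following_symlinks(upload_dir), collect_confined(upload_dir)


if __name__ == "__main__":
    leaked, safe = demo()
    print("following symlinks uploads:", sorted(leaked))
    print("confined collector uploads:", sorted(safe))
```

The naive collector returns the README, the credentials file reached through the file symlink, and the same file again reached through the directory symlink; the confined collector returns only the README. The islink() check alone is not enough in a hostile directory, which is why the hardened version also opens with O_NOFOLLOW and compares the resolved path against the resolved root.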
How can this Vulnerability Affect Chrome Users?
Imperva described an attack scenario in which the symlink following vulnerability is used to gain unauthorized access to sensitive data. Suppose an attacker sets up a fake crypto wallet service. When a user signs up to take advantage of its offers, the site asks her to download her recovery keys, which is standard practice for legitimate wallet services.
The zip file the attacker hands over, however, does not contain real recovery keys. Instead, it contains a symbolic link pointing at sensitive files on the user's own machine. The site then asks the user to unzip the folder and upload it back, as wallet services commonly do for verification. When she does, the browser follows the symlink, reads the file it points at, and sends its contents to the attacker.
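The archive in that scenario is ordinary; what makes it dangerous is one entry whose type is symlink rather than regular file. The following added example (written for this page, not taken from Imperva's research) builds such an archive in memory and shows the check a cautious user or a download scanner can run before unzipping anything a website handed over: list the symlink entries and refuse the archive if there are any. The link target path is a constructed illustration.

```python
from __future__ import annotations

import io
import stat
import zipfile


def make_recovery_zip(link_name: str | None = None,
                      link_target: str | None = None) -> bytes:
    """Build, in memory, the kind of archive the scenario describes: a
    harmless README plus (optionally) one entry that is a symlink pointing
    at link_target on the victim's machine rather than a regular file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt",
                    "Unzip this folder and upload it to verify your wallet.\n")
        if link_name is not None and link_target is not None:
            info = zipfile.ZipInfo(link_name)
            info.create_system = 3  # 3 = Unix: high 16 bits of external_attr hold st_mode
            info.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(info, link_target)  # a symlink entry's data is its target path
    return buf.getvalue()


def symlink_entries(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (entry name, link target) for every symlink entry in the archive."""
    found: list[tuple[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16  # Unix st_mode stored by the creator
            if stat.S_ISLNK(mode):
                target = zf.read(info).decode("utf-8", "replace")
                found.append((info.filename, target))
    return found


def safe_to_extract(zip_bytes: bytes) -> bool:
    """Policy used here: refuse any archive that carries symlink entries at all."""
    return not symlink_entries(zip_bytes)


if __name__ == "__main__":
    # Constructed example target; any file the attacker wants would do.
    malicious = make_recovery_zip("keys.txt", "/home/victim/.aws/credentials")
    print("symlink entries:", symlink_entries(malicious))
    print("safe to extract:", safe_to_extract(malicious))
    print("plain archive safe:", safe_to_extract(make_recovery_zip()))
```

Python's own zipfile.extractall does not recreate symlinks (it writes the target path out as file content), but the desktop unzip tools on macOS and Linux do, which is why the user ends up with a real link in the unzipped folder. On the command line, zipinfo lists such entries with an l in the mode column, the same mode bits this script inspects.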
What should You Do to Stay Secure from a Breach?
The first and most important step is to update Chrome, or any other Chromium-based browser, to version 108 or later.
Keeping all software up to date is a sound general safety practice, not just for this issue.
Use a password manager and password generator for your crypto wallet accounts so that you rarely end up in a situation where you must fall back on recovery keys.
Prefer two-factor or multi-factor authentication wherever it is offered.