Tuesday, December 5th, 2023

Threat to 250 million users of Google Chrome, flaw found in browser, allows scammers to access data


Vulnerability has been found in Google Chrome Chromium-based browsers.
Imperva Red Company has informed about this flaw.
To avoid this, the user should update his software.

New Delhi. Google Chrome is used worldwide. This web browser is popular all over the world. Meanwhile, information about security breach has come to the fore in the browser, due to which concern has increased among the users of the browser. In fact, a cyber security firm named Imperva Red has detected a flaw in Google Chrome and Chromium-based browsers, which is putting the data of more than 2.5 billion (250 crore) users at risk.

The firm says that a flaw in the browser allows the theft of sensitive files. According to the company, the flaw was discovered through a review of the way the browser interacts with the file system. Specifically, it allows data theft with the help of common flaws related to browser process symlinks.

What is symlink?
Imperva Red defines a symlink or a symbolic link as a file. It points to another file. This allows the operating system to treat the file as linked. Using symlinks can be useful for creating shortcuts, redirecting file paths, or organizing files in a flexible way. However, if such a link is not handled properly, it can also be used to introduce vulnerabilities.

Also read- Now login without entering password on Google Chrome, work will be done instantly

symlink not checked properly
In the case of Google Chrome, the problem arose with the way the browser interacted with symlinks when processing files and directories. In this case, the symlink did not properly check whether the symlink was pointing to a location that was not intended to be accessible, allowing theft of sensitive files.

READ ALSO  Twitter is now in danger of bankruptcy on 'X', know why Musk is dependent on every penny

How did symlinks affect Google Chrome?
The firm says that the scammer could create a fake website, which offers a new crypto wallet service. As the website requests the user to download his ‘recovery’ key, during this time he can fraudulently create a new wallet.

This key will be a zip file containing a symlink to a sensitive file or folder on the user’s computer, such as the cloud provider’s credentials. When users unzips the recovery key and uploads it back to the website, the symlink will be processed and the scammer gains access to the sensitive file.

What should Chrome users do?
Imperva Red says that it has informed Google about the flaw and that the problem has been fully resolved in Chrome 108. Users are being advised to always keep their software updated to avoid such vulnerabilities.

Tags: Google, google chrome, tech news, Tech news in hindi

Source Link

Whatsapp GroupJoin
Telegram channelJoin

Buy iPhone SE 2020 for just Rs 12,000, this opportunity never came before

new Delhi. The iPhone SE model i.e. iPhone SE 3 or iPhone SE 2022 is already out of stock on flipkart in the market. In such a situation, if you are thinking of buying...

Samsung Galaxy S23 series launch, will the phone of Rs 1.50 lakh be able to give competition to Apple iPhone 14

New Delhi. Samsung has launched its flagship series Samsung Galaxy S23. Under this series, three smartphones Galaxy S23 Ultra, Galaxy S23 + and Galaxy S23 have been launched. The phones of this series have...

Redmi 11 Prime becomes cheaper after the launch of Xiaomi Note 12, know the new price

New Delhi.Xiaomi Recently Redmi Note 12 series has been launched by. After its launch, a reduction in the price of Redmi 11 Prime has been announced by Xiaomi. Let us know that the Redmi...