Cyber security firm claims data of 2.5 billion Google Chrome users at risk
Several crypto wallets and other online services ask users to download recovery keys to access their accounts. The keys act as a backup in case the user loses access to the account for any reason. An attacker could take advantage by providing user with a zip file containing a symlink instead of the actual recovery keys.
Google Chrome is a web browser used by netizens from across the world. A latest cyber security firm claims to have detected a vulnerability in Google Chrome and Chromium-based browsers which puts data of over 2.5 billion users at risk.
In its blog post, the cyber security firm named Imperva Red has revealed that the vulnerability labelled as ‘CVE-2022-365’, which allows the the theft of sensitive files like crypto wallets and cloud provider credentials.
The blog points to a type of file called ‘Symlink’, which points to another file or directory. This file also allows the operating system to treat the linked file or directory as it was its location.
The blog states that these symlinks can introduce vulnerabilities if not handled properly. The browser did not check if the symlink was directing at a location which was not intended to be accessible, allowing the theft of sensitive files.
Imperva Red has warned that an attacker could design a fake website posing to offer a crypto wallet service. This fake website can con the user into creating a new wallet on pretext of asking them to download ‘recovery keys’.

According to the blog, the keys are nothing but a zip file comprising symlink to a sensitive file or folder on the users' computer. The website could be designed in such a way that it looks legitimate and the process of uploading and downloading the ‘recovery keys’ could seem normal.
Several crypto wallets and other services usually ask users to download recovery keys to access their accounts, which are a backup in case the user loses access to account. But an attacker can misuse this by handing out a zip file containing a symlink to the user instead of an actual recovery keys. If uploaded, the attacker can access the sensitive files on the user's computer by processing the symlink.
The hackers target individuals and organisations holding crypto currencies as these digital assets can be highly valuable. The blog suggests keeping software up to date and not downloading files from malicious sources.
ABOUT THE AUTHORHT News DeskFollow the latest breaking news, major developments and agenda-setting stories from India and around the world with the newsdesk at Hindustan Times. Operating round the clock, the desk brings together experienced editors, reporters and correspondents to deliver fast, accurate and contextual reporting across subjects that influence public policy, governance, business, society and international affairs. The HT News Desk covers politics, elections, government policies, the economy, business and markets, science and technology, the environment, law and order, infrastructure, education, climate issues and geopolitics, while closely tracking developments across states, institutions and global capitals. The team also leads coverage of major breaking news events, policy announcements, court proceedings, natural disasters, public emergencies and significant international developments. Reports published by the newsdesk are based on information gathered from reporters on the ground, official statements, government agencies, court records, regulatory filings, recognised institutions and other authoritative sources. Stories undergo editorial scrutiny and verification processes to ensure accuracy, fairness and relevance, and are updated as events evolve and additional information becomes available. Whether covering a key political decision in New Delhi, an economic policy shift affecting millions, a landmark court ruling or a major global event, the HT News Desk aims to provide readers with reliable, fact-based journalism that delivers not only the latest developments but also the context and analysis needed to understand their wider implications.Read More

E-Paper


