A “major” security issue in the Google Chrome web browser, along with Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard contents without requiring consent or user interaction user by simply visiting them.
The clipboard poisoning attack was accidentally introduced in Chrome version 104, according to developer Jeff Johnson.
While the problem also exists in Apple Safari and Mozilla Firefox, what makes the problem serious in Chrome is that the requirement for a user gesture to copy content to the clipboard is currently broken.
User gestures include selecting a piece of text and pressing Ctrl+C (or ⌘-C for macOS) or selecting “Copy” from the context menu.
“Therefore, something as innocent as clicking on a link or pressing the arrow key to scroll down the page gives the website permission to overwrite your system’s clipboard,” Johnson noted.
The ability to overwrite clipboard data poses security concerns. In a hypothetical attack scenario, an adversary could trick a victim into visiting a malicious landing page and rewriting the address of a cryptocurrency wallet previously copied by the target with one under their control, resulting in transfers of unauthorized funds.
Alternatively, threat actors could overwrite the clipboard with a link to specially crafted websites, tricking victims into downloading dangerous software.
“While you are browsing a web page, the page may unknowingly erase the current contents of your system clipboard, which may have been valuable to you, and replace it with whatever the page wants, which could be dangerous for you the next time you stick,” Johnson explained.
Google is already aware of the issue and a patch is expected to be released soon, given the severity of the flaw and the likelihood of abuse by malicious actors.
In the meantime, users are advised to refrain from opening web pages between cut/copy-paste actions and to check their clipboard before performing sensitive operations on the web, such as financial transactions.
The development comes as Google has released a new version of Chrome (105.0.5195.52/53/54) for Windows, macOS and Linux with fixes for 24 deficiencies, 10 of which relate to use-after-release bugs in Network Service, WebSQL , WebSQL, PhoneHub, among others.