
A Google Chrome vulnerability allows sites to secretly overwrite the contents of the clipboard

Avanish Pandey

September 6, 2022


Web pages can replace the contents of the system clipboard without the user's knowledge or input because of a flaw in Chromium-based browsers.

Developer Jeff Johnson found the problem and described his findings in a blog post on August 28. The security expert added that Apple Safari and Mozilla Firefox are also affected by the problem, but that in Chromium-based browsers the restriction that prevents material from being copied to the clipboard without a user gesture is currently broken.

Johnson said that Chrome is currently the worst offender, because the user gesture requirement for writing to the clipboard was unintentionally broken in version 104.

In this context, the term "user gesture" refers to an action such as selecting text and pressing Control+C (or ⌘-C on macOS), or selecting 'Copy' from the context menu.

Johnson also found that the problem had an impact on a broader range of user gestures. "This is not a severe restriction on gestures. According to my tests, a few DOM events allow a web page to overwrite your system clipboard by using the clipboard API."

This brings us back to the famous quote: "Security is just an illusion and privacy is a myth."

The DOM events in question include, among others, the key-down and key-up events fired when a key is pressed and released. Therefore, Johnson cautioned, "even a seemingly benign action like clicking a link or using the arrow keys to scroll down the screen allows the website to overwrite your system clipboard."

Johnson claimed that it was simple to figure out how to use the bug to an attacker's advantage. While you are browsing a web page, it could erase the contents of your system clipboard, which may have been valuable to you, without your awareness and replace them with anything the page wishes, which could be harmful to you the next time you paste.
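The gesture policy discussed above can be made concrete with a small audit wrapper around a clipboard object. This is an added example, not code from Johnson's post or from Chromium: `guardClipboard`, the tracker object and the fake clipboard are hypothetical names, and treating only a trusted copy or cut event as a user gesture is an assumed policy.

```javascript
// Added example (hypothetical helper names): audit and deny clipboard writes
// that are not made during an explicit, trusted copy/cut event.
const EXPLICIT_COPY_EVENTS = new Set(["copy", "cut"]); // assumed policy

function guardClipboard(clipboard, audit) {
  let current = null; // the event being dispatched right now, if any
  const original = clipboard.writeText.bind(clipboard);

  clipboard.writeText = (text) => {
    const type = current ? current.type : "none";
    const allowed =
      current !== null && current.isTrusted && EXPLICIT_COPY_EVENTS.has(type);
    // Log only the length, never the clipboard text itself.
    audit.push({ event: type, allowed, length: String(text).length });
    if (!allowed) {
      return Promise.reject(new Error(`clipboard write blocked during "${type}"`));
    }
    return original(text);
  };

  // Assumption: in a browser, enter/leave would be driven by event listeners
  // that run before and after the page's own handlers.
  return {
    enter(event) { current = event; },
    leave() { current = null; },
  };
}

function runDemo() {
  // Constructed stand-in for navigator.clipboard so this runs outside a browser.
  const fake = {
    value: "user's copied text",
    writeText(t) { this.value = t; return Promise.resolve(); },
  };
  const audit = [];
  const tracker = guardClipboard(fake, audit);
  const pageHandler = () => fake.writeText("page-chosen text").catch(() => {});

  // Incidental gestures the article says were enough to permit a write.
  for (const type of ["keydown", "keyup", "click"]) {
    tracker.enter({ type, isTrusted: true });
    pageHandler();
    tracker.leave();
  }
  const afterIncidental = fake.value; // clipboard is unchanged so far

  tracker.enter({ type: "copy", isTrusted: true });
  pageHandler();
  tracker.leave();
  return { audit, afterIncidental, afterCopy: fake.value };
}
```

The audit array records which event each write attempt coincided with, which is the signal a reviewer would want when checking whether a page writes to the clipboard on incidental input.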

Johnson claims that Google is already aware of the bug, but as of this writing, the tech giant has not yet made a patch available.

This bug is far from the first to harm browsers: Apple recently fixed a serious vulnerability in the Safari browser on various mobile devices.
