Version 104 of Google Chrome, which is the most recent, has a problem that could compromise your private information.
The flaw discovered by security expert Jeff Johnson(opens in new tab) has been determined to have removed the requirement that users authorise clipboard writing events.
The most recent Google Chrome version, 104, includes a flaw that could compromise your personal data.
It has been concluded that the vulnerability found by security expert Jeff Johnson(opens in new tab) removes the necessity that users authorise clipboard writing events.
Chrome clipboard issue
The entire digital wallet might be at risk if frauds based on this flaw are exploited to persuade users to copy their wallet address into the system clipboard on phoney cryptocurrency websites, according to Johnson.
The same source says that Safari and Firefox also "enable web pages to write to the system clipboard," but they include gesture-based protections to provide an aspect of security, so he cautions that Google's web browser isn't the only one to use such a mechanism.
In all relevant web browsers, Johnson summarises the lack of effective protections for system clipboards.
However, he discovered that simply hitting the down arrow key to scroll through a page was sufficient to provide sites permission to the computer clipboard. The most common user action is Ctrl+C (or Cmd+C for Mac users).
It's convenient that there are websites to see if you are impacted. One such website that you might be able to add to your clipboard when visiting is webplatform.news(opens in new tab). Simply go to the website and paste whatever is on your clipboard into a blank area, such as a new Word document. The browser you're using compromises your security if you view the following:
Hello, this message is in your clipboard as a result of your visit to the Web Platform News website using a browser that permits websites to write to the clipboard without the user's consent. I'm sorry for the trouble. Please visit https://github.com/w3c/clipboard-apis/issues/182 for more details on this problem.
The problem has been identified by Google's team of Chrome developers, but a solution has not yet been developed.
According to Bleeping Computer, these are the greatest tools for preventing ID theft.
