Your Route to Real News

Chrome users urged to check settings after ‘cyber gap’ leaves billions at risk

470     0
Chrome users urged to check settings after ‘cyber gap’ leaves billions at risk
Chrome users urged to check settings after ‘cyber gap’ leaves billions at risk

A ‘CYBER GAP’ has been spotted by experts in Google Chrome, which affects more than 2.5billion users.

Google Chrome users have been urged to check their settings immediately to make sure they are protected against the vulnerability.

Users must make sure their they have updated their browser to protect themselves eiqtiqhuiqkrprw
Users must make sure their they have updated their browser to protect themselves

Cybersecurity experts at Imperva found a vulnerability within Google Chrome which lets hackers steal sensitive data through symbolic links, also known as symlinks.

Symlinks can take users directly to a file, simply by clicking on a link.

Google Chrome will usually alert users when a link is risky.

Pub delivers five-word response to critics of its 'slow' carvery servicePub delivers five-word response to critics of its 'slow' carvery service

But the ‘cyber gap’ means that the browser does not properly check if the symlink was pointing to a location that was not intended to be accessible, which allowed for the theft of sensitive files, the cybersecurity company warned. 

Imperva raised concerns with Google, which then swiftly patched up the hole on the newest version of the browser – Chrome 108.

Users must make sure their they have updated their browser to Chrome 108 to avoid falling victim to these symlink attacks.

Ron Masas, a researcher at Imperva, said: “An attacker could create a fake website that offers a new crypto wallet service.

“The website could trick the user into creating a new wallet by requesting that they download their ‘recovery’ keys.

“These keys would actually be a zip file containing a symlink to a sensitive file or folder on the user’s computer, such as a cloud provider credential.

“When the user unzips and uploads the ‘recovery’ keys back to the website, the symlink would be processed and the attacker would gain access to the sensitive file.

“The user may not even realize that anything is amiss, as the website could be designed to look legitimate and the process of downloading and uploading the “recovery” keys could appear normal.”

How to protect yourself against crypto theft

Hackers are increasingly targeting people who own cryptocurrencies, Masas explained.

“To protect your crypto assets, it is important to keep your software up to date and avoid downloading files or clicking on links from untrusted sources,” he said.

Millions of Android owners could slash 'vampire bills' – how to save moneyMillions of Android owners could slash 'vampire bills' – how to save money

“It is also a good idea to use a hardware wallet to store your cryptocurrencies, as these devices are not connected to the internet and are therefore less vulnerable to hacking attempts.”

Masas has also advised crypto holders to consider using a password manager to generate strong, unique passwords for crypto accounts.

Enabling two-factor authentication whenever possible is also a good move.

“By taking these precautions, you can reduce the risk of your crypto being stolen by hackers,” he said.



We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk


Millie Turner

Print page

Comments:

comments powered by Disqus