"Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content"

A security flaw in Google Chrome and Chromium-based alternatives could allow malicious web pages to overwrite clipboard content without user consent or interaction simply by visiting them. According to developer Jeff Johnson, the clipboard poisoning attack was accidentally introduced in Chrome version 104. While the issue also exists in Apple Safari and Mozilla Firefox, the requirement for a user gesture to copy content to the clipboard is currently broken in Chrome. Selecting a piece of text and pressing Control+C or selecting "Copy" from the context menu are examples of user gestures. Therefore, even a seemingly innocent gesture, such as clicking on a link or pressing the arrow key to scroll down the page, grants the website permission to overwrite a user's system clipboard. The ability to replace clipboard data raises security concerns. For example, an adversary could lure a victim to a malicious landing page and rewrite the address of a cryptocurrency wallet previously copied by the victim with one under their control, resulting in unauthorized fund transfers. Threat actors could also overwrite the clipboard with a link to specially crafted websites, causing victims to download harmful software. This article continues to discuss the Google Chrome flaw that could enable malicious web pages to automatically overwrite clipboard content.

THN reports "Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content"