"Google Chrome 'SymStealer' Vulnerability Could Affect 2.5 Billion Users"

The Chromium vulnerability tracked as CVE-2022-3656, discovered by Imperva security researchers in July 2022 and patched in September, could still affect 2.5 billion users if they don't update their browsers. Security researchers at Imperva stated that the vulnerability, commonly known as "SymStealer," allows for the theft of sensitive files, including crypto wallets and cloud provider credentials, by exploiting how browsers process symbolic links (symlinks). Due to the flaw, the browser did not correctly check whether a symlink pointed to a location that was not meant to be accessible, which, in turn, enabled the theft of sensitive files. After discovering the vulnerability, Imperva created a proof-of-concept on the Chromium bug tracker, showcasing how a related attack could occur in the wild. The researchers noted that after disclosing the vulnerability to Google, they found that the first fix, introduced in Chrome 107, did not fully address the issue. The researchers notified Google of this, and the issue was fully resolved in Chrome 108. The researchers noted that it is important to keep one's software up to date to protect against the latest vulnerabilities and to ensure that one's personal and financial information remains secure.

 

Infosecurity reports: "Google Chrome 'SymStealer' Vulnerability Could Affect 2.5 Billion Users"
