Files stolen from a sneaky SymStealer. [Research Saturday]
Mar 11, 2023•14 min•Season 7Ep. 271
Episode description
Ron Masas of Imperva discusses their work, the "Google Chrome “SymStealer” Vulnerability. How to Protect Your Files from Being Stolen." By reviewing the ways the browser handles file systems, specifically searching for common vulnerabilities relating to how browsers process symlinks, the Imperva Red Team discovered that when files are dropped onto a file input, it’s handled differently.
Dubbing it as CVE-2022-40764, researchers found a vulnerability that "allowed for the theft of sensitive files, such as crypto wallets and cloud provider credentials." In result, over 2.5 billion users of Google Chrome and Chromium-based browsers were affected.
The research can be found here:
Google Chrome “SymStealer” Vulnerability: How to Protect Your Files from Being Stolen
Learn more about your ad choices. Visit megaphone.fm/adchoices
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast