Newly identified browser bug allows websites to overwrite clipboard content

September 4, 2022
What just happened? A browser vulnerability affecting Chrome, Firefox, and Safari was discovered following a recent Chrome software release. Google developers identified the clipboard-based attack, which allows malicious websites to overwrite a user’s clipboard content when the user does nothing more than visit a compromised webpage. The vulnerability affects all Chromium-based browsers as well, but appears to be most prevalent in Chrome, where the user gesture requirement for copying content is currently reported as broken.

Google developer Jeff Johnson explained how the vulnerability can be triggered in several ways, all of which grant the page permissions to overwrite clipboard contents. Once granted, users can be affected by actively triggering a cut or copy action, clicking on links in the page, or even taking actions as simple as scrolling up or down on the page in question.

Johnson elaborated on the bug, pointing out that while Firefox and Safari users have to actively copy content to the clipboard using Control+C or ⌘-C, Chrome users can be affected by simply viewing a malicious page for no more than a fraction of a second.

Johnson’s blog post references video examples from Šime, a content creator specializing in content geared toward web developers. Šime’s demonstrations reveal just how quickly Chrome users can be affected, with the vulnerability triggered by simply toggling between active browser tabs. Regardless of how long or what type of interaction the user takes, the malicious site instantly replaces any clipboard contents with whatever the threat actor decides to deliver.

In order to be able to write to the clipboard, the website needs to be in the active tab. Quickly toggling tabs is enough. You don’t have to interact with the website or look at it for more than a tenth of a second. pic.twitter.com/KzsT6UByAq

— Šime (ˈshe-meh) (@simevidas) September 2, 2022

Johnson’s blog provides technical details describing just how a page can obtain permission to write to the system clipboard. One method uses a now deprecated command, document.execCommand.

Another method takes advantage of the more recent navigator.clipboard.writeText API, which has the ability to write any text to the clipboard with no additional actions required. Johnson’s blog includes a demonstration of how both approaches to the same vulnerability work.
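
A defensive view of the two write paths named above: a guard that logs every clipboard write and refuses it when the page has no transient user activation. This is an added example, not code from the article or from Johnson's post; installClipboardGuard and makeFakeEnv are hypothetical names, and it assumes the browser exposes navigator.userActivation and that the guard is installed in the page before other scripts run.

```javascript
// Added example, not from the article or Johnson's post. `env` is any object
// shaped like a browser window; the function names are hypothetical.
function installClipboardGuard(env, log = []) {
  const nav = env.navigator;
  const doc = env.document;
  // Transient user activation is true only shortly after a real click or key press.
  const gestureActive = () => Boolean(nav.userActivation && nav.userActivation.isActive);

  // Path 1: the async Clipboard API.
  const origWriteText = nav.clipboard.writeText.bind(nav.clipboard);
  nav.clipboard.writeText = (text) => {
    const allowed = gestureActive();
    log.push({ api: "navigator.clipboard.writeText", allowed, length: String(text).length });
    return allowed
      ? origWriteText(text)
      : Promise.reject(new Error("clipboard write blocked: no user gesture"));
  };

  // Path 2: the deprecated document.execCommand("copy" | "cut").
  const origExec = doc.execCommand.bind(doc);
  doc.execCommand = (command, ...rest) => {
    const isWrite = ["copy", "cut"].includes(String(command).toLowerCase());
    if (!isWrite) return origExec(command, ...rest); // other commands pass through
    const allowed = gestureActive();
    log.push({ api: "document.execCommand", command, allowed });
    return allowed ? origExec(command, ...rest) : false;
  };
  return log;
}

// Constructed stand-in for a browser window so the guard can run under Node.
function makeFakeEnv() {
  const env = {
    clipboardText: "",
    navigator: {
      userActivation: { isActive: false },
      clipboard: { writeText: async (t) => { env.clipboardText = String(t); } },
    },
    document: { execCommand: (cmd) => { env.clipboardText = `[${cmd}]`; return true; } },
  };
  return env;
}

// Demo: a write attempted with no gesture is refused and logged.
const demoEnv = makeFakeEnv();
const demoLog = installClipboardGuard(demoEnv);
demoEnv.navigator.clipboard.writeText("constructed-text").catch(() => {});
console.log(demoLog, JSON.stringify(demoEnv.clipboardText));
```

The log entries record which API was called and whether it was allowed, which is the signal an extension or test harness would review when auditing a page for silent clipboard writes.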

While the vulnerability may not sound damaging on the surface, users should remain aware of how malicious actors can leverage the content swap to exploit unsuspecting victims. For example, a fraudulent site can replace a previously copied URL with another fraudulent URL, unknowingly leading the user to additional sites designed to capture information and compromise security.

The vulnerability also provides threat actors with the ability to replace copied cryptocurrency wallet addresses saved to the clipboard with the address of another wallet controlled by a malicious third party. Once the transaction has taken place and funds are sent to the fraudulent wallet, the victimized user typically has little to no ability to trace and reclaim their funds.

According to The Hacker News, Google is aware of the vulnerability and is expected to release a patch in the near future. Until then, users should exercise caution by avoiding opening pages using clipboard-based copied content and by verifying the output of their copied content before continuing with any activity that could compromise their personal or financial security.


