Security alert! Data of 2.5 billion Google Chrome users is at risk

Google Chrome is a popular web browser used by billions of people worldwide. Imperva Red, a cyber security firm, has detected a flaw in Google Chrome and Chromium-based browsers that put the data of over 2.5 billion users at risk. Tracked as CVE-2022-3656, the vulnerability allowed for the theft of sensitive files, such as crypto wallets and cloud provider credentials, the firm says in its post.

“The vulnerability was discovered through a review of the ways the browser interacts with the file system, specifically looking for common vulnerabilities related to the way browsers process symlinks,” the blog reads.

What is a symlink?

Imperva Red defines a symlink, or symbolic link, as a type of file that points to another file or directory. It allows the operating system to treat the linked file or directory as if it were at the symlink’s location. A symlink, it says, can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way.

However, such links can also be used to introduce vulnerabilities if they are not handled properly.

In Google Chrome’s case, the issue arose from the way the browser interacted with symlinks when processing files and directories. To be specific, the browser did not properly check if the symlink was pointing to a location that was not intended to be accessible, which allowed for the theft of sensitive files, the blog post states.
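The following is an added example, not code from Imperva's post or from Chrome: a Python sketch of the kind of check the paragraph above says was missing, applied to a folder received from an untrusted source. The names `audit_tree` and `build_demo` and the sample files are constructed for illustration.

```python
import os
import tempfile


def audit_tree(root):
    """Walk root without following symlinks.

    Returns (accepted, rejected): relative paths of files safe to read, and
    of symlinks whose resolved target lies outside root.
    """
    root_real = os.path.realpath(root)
    accepted, rejected = [], []
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root_real)
            if os.path.islink(path):
                target = os.path.realpath(path)  # resolves chained links too
                # commonpath compares whole components, so "/drop-old" is
                # not mistaken for a child of "/drop".
                if os.path.commonpath([root_real, target]) != root_real:
                    rejected.append(rel)
                    continue
                path = target
            if os.path.isfile(path):
                accepted.append(rel)
    return sorted(accepted), sorted(rejected)


def build_demo(base):
    """Constructed sample: a received folder holding one escaping symlink."""
    secret = os.path.join(base, "secret.txt")  # stands in for a sensitive file
    drop = os.path.join(base, "drop")
    os.makedirs(os.path.join(drop, "docs"))
    readme = os.path.join(drop, "docs", "readme.txt")
    for p in (secret, readme):
        with open(p, "w") as f:
            f.write("sample")
    os.symlink(secret, os.path.join(drop, "docs", "keys.txt"))  # points outside
    os.symlink(readme, os.path.join(drop, "alias.txt"))         # stays inside
    return drop


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        accepted, rejected = audit_tree(build_demo(base))
        print("accepted:", accepted)
        print("rejected:", rejected)
```

The check and any later read are separate steps, so a tree that can change between them needs to be re-verified at open time.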

How did symlinks affect Google Chrome?

Explaining how the vulnerability impacted Google Chrome, the firm says that an attacker could create a fake website that offers a new crypto wallet service. The website could then trick…