Google Chrome bug could let dodgy websites mess with your clipboard

News
By Craig Hale
published

Chrome 104 could be messing with your clipboard without you knowing

Chrome 90 Browser for iOS
(Image credit: Shutterstock / XanderSt)

The current, live version of Google Chrome - version 104 - saw the introduction of a bug that could compromise your sensitive data.

Normally, clipboard writing event must be approved by a user, however the bug, found by security expert Jeff Johnson, has been found to have removed this requirement.

Many of us use our clipboard tens or hundreds of times a day for copying and pasting information from one location to another, and some of this information could contain sensitive information like phone numbers, addresses, passwords and login details, and even payment information.

Chrome clipboard bug

Johnson fears that scams based on this defect could be used to lure users into copying their wallet address into the system clipboard on fake cryptocurrency sites, which could place a risk on an entire digital wallet.

He warns that Google’s web browser isn’t the only one to use such a system; the same source indicates that Safari and Firefox also “allow web pages to write to the system clipboard”, but they have gesture-based protections to provide an element of security.

Johnson summarises the lack of adequate safeguards against protecting system clipboards across all applicable web browsers.

Read more

> Compare the best firewall services

> A mystery bug is causing Google Chrome extensions to suddenly fail

> Malicious Google Chrome extensions installed on more than one million devices 

The most commonly used user gesture is Ctrl+C (or Cmd+C for Mac users), however he found that simply pressing the down arrow key to scroll through a website was enough to give sites permission to the computer clipboard.

Handily, there are sites to check whether you are affected. One such site is webplatform.news, which when visited, may be able to add to your clipboard. All you need to do is visit the site and paste whatever may be in your clipboard into a blank space like a new Word document. If you see the following, the browser you’re using is putting your security at compromise:

“Hello, this message is in your clipboard because you visited the website Web Platform News in a browser that allows websites to write to the clipboard without the user’s permission. Sorry for the inconvenience. For more information about this issue, see https://github.com/w3c/clipboard-apis/issues/182.”

Google’s team of Chrome developers is aware of the issue, however a fix is yet to be found.

Via Bleeping Computer

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!