When the user unzips and uploads the “recovery” keys back to the website, the symlink would be processed and the attacker would gain access to the sensitive file. These keys would actually be a zip file containing a symlink to a sensitive file or folder on the user’s computer, such as a cloud provider credential. The website could trick the user into creating a new wallet by requesting that they download their “recovery” keys. Attack scenarioĪn attacker could create a fake website that offers a new crypto wallet service. Symbolic links are processed, recursively resolved, and there’s no extra warning or confirmation for the user. However, during our testing, we found that when you drop a file or folder onto a file input, it’s handled differently. They even have extra safety measures, like asking for extra confirmation from the user if they try to upload lots of files at once. When we checked out the APIs that developers often use for file uploads, like the Drop Event, File Input, or File System Access API, we noticed that they usually don’t deal with symbolic links.
We looked into how Chrome and other Chromium-based browsers handle file systems. This issue is commonly known as symbolic link following. Specifically, the browser did not properly check if the symlink was pointing to a location that was not intended to be accessible, which allowed for the theft of sensitive files.
In the case of the vulnerability we disclosed to Google, the issue arose from the way the browser interacted with symlinks when processing files and directories.
However, symlinks can also introduce vulnerabilities if they are not handled properly. This can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way. It allows the operating system to treat the linked file or directory as if it were at the symlink’s location. What’s a symlink?Ī symlink, also known as a symbolic link, is a type of file that points to another file or directory. In this case, the vulnerability was discovered through a review of the ways the browser interacts with the file system, specifically looking for common vulnerabilities related to the way browsers process symlinks. However, it also increases the likelihood of cross-browser vulnerabilities. The popularity of Chromium has many benefits, such as compatibility and security audits.
Two other top 6 browsers, Opera and Edge, are based on Chromium, the open-source version of Chrome, bringing Chromium’s market share to over 70%. Chrome is the most widely used browser, with a 65.52% market share.
0 kommentar(er)
