A security loophole affecting Google Chrome, Apple’s Safari and Mozilla Firefox was recently discovered by security researcher Jeff Johnson. The flaw could enable malicious pages to automatically overwrite clipboard content without the need of user interaction.
Chrome, Safari and Firefox Browsers Exposed to a Clipboard Attack
The clipboard overwrite attack seems to have been introduced in Google Chrome version 104 where it has been determined as the most dangerous. In comparison with Safari and Firefox, Chrome and Chromium-based browsers are more exposed.
“Chrome is currently the worst offender, because the user gesture requirement for writing to the clipboard was accidentally broken in version 104,” Johnson wrote. User gestures refer to selecting a piece of text and using the Control/Command+C commands or “Copy” from the menu.
The researcher added that “a gesture as innocent as clicking on a link or pressing the arrow key to scroll down the page gives the web site permission to overwrite your system clipboard.” What is worse is that this is allowed in every web browser, including Safari (desktop and mobile) and Firefox.
How dangerous is the issue?
“The potential for maliciousness should be obvious,” Johnson pointed out. Users are exposed to it simply by navigating the web page, as it can without their knowledge or consent erase the current contents of the clipboard and replace them with anything.
A patch is expected to be released soon to fix the issue. In the meantime, users should avoid opening pages between cut/copy and paste commands, and double-check their clipboard especially before carrying out financial operations.
It is noteworthy that the so-called clipper malware is specifically designed to hijack a user’s clipboard and replace their crypto address with a hacker’s address. Clipper malware, such as the recently detected ClipMiner trojan, is especially dangerous to cryptocurrency owners and their crypto wallets.