BTC $56772.0455
ETH $3229.2692
BNB $393.0365
SOL $106.6536
stETH $3224.6597
XRP $0.5621
ADA $0.6137
AVAX $38.6261
DOGE $0.0960
TRX $0.1415
wstETH $3753.2551
DOT $8.0619
LINK $18.8685
WETH $3222.5827
MATIC $1.0217
UNI $10.5943
WBTC $56672.8182
IMX $3.2827
ICP $12.8638
BCH $296.0952
LTC $73.4211
CAKE $3.1049
LEO $4.3751
ETC $27.6986
FIL $7.7121
KAS $0.1681
RNDR $7.1714
DAI $0.9992
HBAR $0.1085
ATOM $10.9103
INJ $37.3719
VET $0.0480
TON $2.1032
OKB $51.5043
FDUSD $1.0007
LDO $3.4620
STX $3.0518
XMR $133.5710
ARB $1.8885
XLM $0.1189
GRT $0.2844
TIA $16.9400
NEAR $3.9210
ENS $21.6903
MKR $2126.5962
WEMIX $2.0704
APEX $2.3723
BTC $56772.0455
ETH $3229.2692
BNB $393.0365
SOL $106.6536
stETH $3224.6597
XRP $0.5621
ADA $0.6137
AVAX $38.6261
DOGE $0.0960
TRX $0.1415
wstETH $3753.2551
DOT $8.0619
LINK $18.8685
WETH $3222.5827
MATIC $1.0217
UNI $10.5943
WBTC $56672.8182
IMX $3.2827
ICP $12.8638
BCH $296.0952
LTC $73.4211
CAKE $3.1049
LEO $4.3751
ETC $27.6986
FIL $7.7121
KAS $0.1681
RNDR $7.1714
DAI $0.9992
HBAR $0.1085
ATOM $10.9103
INJ $37.3719
VET $0.0480
TON $2.1032
OKB $51.5043
FDUSD $1.0007
LDO $3.4620
STX $3.0518
XMR $133.5710
ARB $1.8885
XLM $0.1189
GRT $0.2844
TIA $16.9400
NEAR $3.9210
ENS $21.6903
MKR $2126.5962
WEMIX $2.0704
APEX $2.3723
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • SymStealer vulnerability puts every Google Chrome user at risk

    The Imperva Red team at the end of last year discovered a vulnerability in the popular Google Chrome browser, which is tracked under the identifier CVE-2022-3656. At the time the vulnerability was active, it affected over 2.5 billion Chrome users and allowed hackers to steal sensitive files such as crypto wallets and cloud provider credentials.

    The vulnerability was discovered while testing how the browser interacts with the file system, in particular looking for common vulnerabilities related to how browsers handle symbolic links. Symbolic links (symlink) are a type of file that points to another file or directory, allowing the operating system to treat the linked file or directory as if it were in the location of the symbolic link. This can be useful for creating shortcuts, redirecting file paths, or more flexible file organization.

    However, symbolic links can also create vulnerabilities if they are not handled properly. In the case of the CVE-2022-3656 vulnerability, the browser incorrectly checked whether a symbolic link points to a location that is not intended to be accessed, which allowed confidential files to be stolen.

    An attacker can create a fake website offering, for example, a crypto wallet service. And in the process of creating a wallet, ask to download the so-called “recovery keys” to your computer. These keys will actually be a zip file containing a symbolic link to a confidential file or folder on the user's computer, such as a cloud provider's credentials. When the user unzips and uploads the recovery keys back to the website, the symbolic link will be processed and the attacker will have access to the desired confidential file. The user may not even realize that something is wrong, as the website may look completely legitimate, and the process of downloading and uploading recovery keys is a normal practice for cryptocurrency wallets.

    Google has completely fixed the symbolic link vulnerability in Chrome version 108. To protect your crypto assets, it is important to keep your software up to date, avoid downloading questionable files or clicking on links from untrustworthy sources.

    Author DeepWeb
    LockBit is the most popular extortionist gang in the world
    Deutsche Bank data is being sold on the dark web

    Comments 0

    Add comment