The Imperva Red team at the end of last year discovered a vulnerability in the popular Google Chrome browser, which is tracked under the identifier CVE-2022-3656. At the time the vulnerability was active, it affected over 2.5 billion Chrome users and allowed hackers to steal sensitive files such as crypto wallets and cloud provider credentials.
The vulnerability was discovered while testing how the browser interacts with the file system, in particular looking for common vulnerabilities related to how browsers handle symbolic links. Symbolic links (symlink) are a type of file that points to another file or directory, allowing the operating system to treat the linked file or directory as if it were in the location of the symbolic link. This can be useful for creating shortcuts, redirecting file paths, or more flexible file organization.
However, symbolic links can also create vulnerabilities if they are not handled properly. In the case of the CVE-2022-3656 vulnerability, the browser incorrectly checked whether a symbolic link points to a location that is not intended to be accessed, which allowed confidential files to be stolen.
An attacker can create a fake website offering, for example, a crypto wallet service. And in the process of creating a wallet, ask to download the so-called “recovery keys” to your computer. These keys will actually be a zip file containing a symbolic link to a confidential file or folder on the user's computer, such as a cloud provider's credentials. When the user unzips and uploads the recovery keys back to the website, the symbolic link will be processed and the attacker will have access to the desired confidential file. The user may not even realize that something is wrong, as the website may look completely legitimate, and the process of downloading and uploading recovery keys is a normal practice for cryptocurrency wallets.
Google has completely fixed the symbolic link vulnerability in Chrome version 108. To protect your crypto assets, it is important to keep your software up to date, avoid downloading questionable files or clicking on links from untrustworthy sources.