BTC $68279.0927
ETH $3629.5433
BNB $418.8260
SOL $133.0943
XRP $0.6497
stETH $3620.7348
ADA $0.7707
DOGE $0.1827
AVAX $43.0376
DOT $9.8988
wstETH $4204.4051
TRX $0.1402
LINK $20.4333
WETH $3627.8562
MATIC $1.1461
WBTC $68015.7231
UNI $12.3628
BCH $469.5171
LTC $88.8112
IMX $3.1360
ICP $13.3800
CAKE $3.3523
ETC $35.9657
FIL $10.0244
LEO $4.8744
ATOM $12.4782
TON $2.7811
HBAR $0.1174
RNDR $7.3750
KAS $0.1614
INJ $40.6866
DAI $0.9990
OKB $56.8390
VET $0.0495
PEPE $0.0000
XLM $0.1458
FDUSD $0.9965
STX $3.0333
XMR $148.4317
WEMIX $2.7041
LDO $3.2821
NEAR $4.3354
GRT $0.3080
ARB $1.9787
THETA $2.3471
APEX $2.6824
BSV $115.5449
BTC $68279.0927
ETH $3629.5433
BNB $418.8260
SOL $133.0943
XRP $0.6497
stETH $3620.7348
ADA $0.7707
DOGE $0.1827
AVAX $43.0376
DOT $9.8988
wstETH $4204.4051
TRX $0.1402
LINK $20.4333
WETH $3627.8562
MATIC $1.1461
WBTC $68015.7231
UNI $12.3628
BCH $469.5171
LTC $88.8112
IMX $3.1360
ICP $13.3800
CAKE $3.3523
ETC $35.9657
FIL $10.0244
LEO $4.8744
ATOM $12.4782
TON $2.7811
HBAR $0.1174
RNDR $7.3750
KAS $0.1614
INJ $40.6866
DAI $0.9990
OKB $56.8390
VET $0.0495
PEPE $0.0000
XLM $0.1458
FDUSD $0.9965
STX $3.0333
XMR $148.4317
WEMIX $2.7041
LDO $3.2821
NEAR $4.3354
GRT $0.3080
ARB $1.9787
THETA $2.3471
APEX $2.6824
BSV $115.5449
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • SymStealer vulnerability puts every Google Chrome user at risk

    The Imperva Red team at the end of last year discovered a vulnerability in the popular Google Chrome browser, which is tracked under the identifier CVE-2022-3656. At the time the vulnerability was active, it affected over 2.5 billion Chrome users and allowed hackers to steal sensitive files such as crypto wallets and cloud provider credentials.

    The vulnerability was discovered while testing how the browser interacts with the file system, in particular looking for common vulnerabilities related to how browsers handle symbolic links. Symbolic links (symlink) are a type of file that points to another file or directory, allowing the operating system to treat the linked file or directory as if it were in the location of the symbolic link. This can be useful for creating shortcuts, redirecting file paths, or more flexible file organization.

    However, symbolic links can also create vulnerabilities if they are not handled properly. In the case of the CVE-2022-3656 vulnerability, the browser incorrectly checked whether a symbolic link points to a location that is not intended to be accessed, which allowed confidential files to be stolen.

    An attacker can create a fake website offering, for example, a crypto wallet service. And in the process of creating a wallet, ask to download the so-called “recovery keys” to your computer. These keys will actually be a zip file containing a symbolic link to a confidential file or folder on the user's computer, such as a cloud provider's credentials. When the user unzips and uploads the recovery keys back to the website, the symbolic link will be processed and the attacker will have access to the desired confidential file. The user may not even realize that something is wrong, as the website may look completely legitimate, and the process of downloading and uploading recovery keys is a normal practice for cryptocurrency wallets.

    Google has completely fixed the symbolic link vulnerability in Chrome version 108. To protect your crypto assets, it is important to keep your software up to date, avoid downloading questionable files or clicking on links from untrustworthy sources.

    Author DeepWeb
    LockBit is the most popular extortionist gang in the world
    Deutsche Bank data is being sold on the dark web

    Comments 0

    Add comment