Threat Watch

Google Chrome Bug Allows Websites to Overwrite Clipboard Content

A new bug was introduced in Google Chrome version 104 that could allow a malicious webpage to automatically overwrite the content of the clipboard without user consent. On these malicious websites, all a user would have to do is a copy gesture, either right clicking or using the hot key, to copy text. From there, the malicious website will be able to overwrite the copied data with whatever the threat actor chooses, such as a bitcoin wallet or a link to a malicious site.

ANALYST NOTES

Google is already aware of this issue and a patch is expected to be released soon. This attack is as easy to carry out as an attacker tricking someone into clicking a link that has been re-written. Until the patch is released, Chrome users should be cautious of any websites that are visited and verify any sensitive information that is being copied into the clipboard.

https://thehackernews.com/2022/09/google-chrome-bug-lets-sites-silently.html?m=1