Clipboard security issues found in Chromium, Firefox, and Apple Safari browsers

Google Chrome Clipboard security issues
Researchers recently disclosed clipboard security issues found in major browsers, including Chromium, Firefox, and Apple Safari. But Chromium is the most severely affected. Users only need to visit a specific page made by the attacker, and the clipboard content will be replaced with content defined on that page.
The vulnerability has actually broken through the browser user gesture control, including selecting the copy button with the right mouse button and using the Ctrl C shortcut to copy. The attacker does not require any user action to replace the content, which is relatively risky for non-professional users and cryptocurrency investors.

Replacing the clipboard content is not a particularly serious problem, but it also depends on the scenario, such as when you copy a cryptocurrency address to transfer money to be replaced. Cryptocurrency addresses are hard to remember and cannot be entered manually by the user, so if an attacker replaces the address when transferring money, the money will be stolen.

In addition, for non-professional users, attackers can induce users to visit unofficial sites for phishing, and trick users into entering bank card account passwords and other information. The developer has created a demo webpage to showcase the vulnerability.

Of course, if the problem is exploited, it can also be used to send advertisements, so that users can see advertisements from malicious websites when pasting, and it will be inevitable. Users can’t tell which websites use the vulnerability to tamper with the clipboard content, so from this aspect, major browsers must be updated in time to block this vulnerability.

The potential for maliciousness should be obvious. While you’re navigating a web page, the page can without your knowledge erase the current contents of your system clipboard, which may have been valuable to you, and replace them with anything the page wants, which could be dangerous to you the next time you paste,” the developer notes.

The relevant Clipboard security issues have been submitted to Chromium Bugs, and after discussion, the project developers have confirmed the existence of this problem and started to fix the vulnerability. Other browser developers should be aware of this issue as well, but it’s unclear when these browsers will release updates to adjust permissions to address the issue.

In the latest Chrome 105.0.5195.102 version, Google did not mention this problem, so it should not be fixed for the time being and need to wait for the next update.