Clipboard security issues found in Chromium, Firefox, and Apple Safari browsers
Replacing the clipboard content is not a particularly serious problem, but it also depends on the scenario, such as when you copy a cryptocurrency address to transfer money to be replaced. Cryptocurrency addresses are hard to remember and cannot be entered manually by the user, so if an attacker replaces the address when transferring money, the money will be stolen.
In addition, for non-professional users, attackers can induce users to visit unofficial sites for phishing, and trick users into entering bank card account passwords and other information. The developer has created a demo webpage to showcase the vulnerability.
Of course, if the problem is exploited, it can also be used to send advertisements, so that users can see advertisements from malicious websites when pasting, and it will be inevitable. Users can’t tell which websites use the vulnerability to tamper with the clipboard content, so from this aspect, major browsers must be updated in time to block this vulnerability.
“The potential for maliciousness should be obvious. While you’re navigating a web page, the page can without your knowledge erase the current contents of your system clipboard, which may have been valuable to you, and replace them with anything the page wants, which could be dangerous to you the next time you paste,” the developer notes.
The relevant Clipboard security issues have been submitted to Chromium Bugs, and after discussion, the project developers have confirmed the existence of this problem and started to fix the vulnerability. Other browser developers should be aware of this issue as well, but it’s unclear when these browsers will release updates to adjust permissions to address the issue.