Google Chrome users urged to check settings after ‘cyber hole’ puts billions at risk

Experts have discovered a “CYBER GAP” in Google Chrome affecting over 2.5 billion users.

Google Chrome users have been urged to immediately review their settings to ensure they are protected from the vulnerability.

1

Imperva cybersecurity researchers have found a vulnerability in Google Chrome that allows hackers to steal sensitive data via symbolic links, also known as symlinks.

Symlinks can take users directly to a file simply by clicking a link.

Google Chrome usually warns users when a link is risky.

But the “cyber hole” means the browser doesn’t properly check if the symlink points to a location that shouldn’t be accessible, allowing for the theft of sensitive files, the cybersecurity company warned.

Impreva raised concerns with Google, which responded quickly by closing the hole in the browser’s latest version – Chrome 108.

Users must ensure that they have updated their browser to Chrome 108 to avoid falling victim to these symlink attacks.

Ron Masas, a researcher at Imperva, said: “An attacker could create a fake website offering a new crypto wallet service.

“The website could trick the user into creating a new wallet by asking them to download their ‘recovery keys’.

“These keys would actually be a ZIP file containing a symbolic link to a sensitive file or folder on the user’s computer, e.g. B. Cloud provider credentials.

“When the user unzips the ‘recovery keys’ and uploads them back to the website, the symlink is processed and the attacker gains access to the sensitive file.

“The user might not even realize that something is wrong as the website might be designed to look legitimate and the process of downloading and uploading the ‘recovery keys’ might appear normal.”

How to protect yourself from crypto theft

Hackers are increasingly targeting people who hold cryptocurrencies, Masas explained.

“To protect your crypto assets, it’s important to keep your software up to date and avoid downloading files or clicking on links from untrustworthy sources,” he said.

“It’s also a good idea to use a hardware wallet to store your cryptocurrencies, as these devices aren’t connected to the internet and are therefore less vulnerable to hacking attempts.”

Masas has also advised crypto holders to consider using a password manager to generate strong, unique passwords for crypto accounts.

It’s also a good step to enable two-factor authentication whenever possible.

“By taking these precautions, you can reduce the risk of your crypto being stolen by hackers,” he said.

The best tips and hacks for phones and gadgets

Looking for tips and hacks for your phone? Want to find these secret features in social media apps? We’ve got you covered…

Get the latest news about WhatsApp, Instagram, Facebook and other tech gadgets here.

We pay for your stories! Do you have a story for The Sun Online Tech & Science Team? Email us at tech@the-sun.co.uk