Ron Masas of Imperva discusses their work, the "Google Chrome “SymStealer” Vulnerability. How to Protect Your Files from Being Stolen." By reviewing the ways the browser handles file systems, specifically searching for common vulnerabilities relating to how browsers process symlinks, the Imperva Red Team discovered that when files are dropped onto a file input, it’s handled differently.
Dubbing it as CVE-2022-40764, researchers found a vulnerability that "allowed for the theft of sensitive files, such as crypto wallets and cloud provider credentials." In result, over 2.5 billion users of Google Chrome and Chromium-based browsers were affected.
The research can be found here:
Google Chrome “SymStealer” Vulnerability: How to Protect Your Files from Being Stolen

Files stolen from a sneaky SymStealer. [Research Saturday]

Failed to load content!

The page you were looking for was moved or doesn't exist.


Previous 30 days

Today

Previous 7 days

The podcast {{podcastName}} is embedded on this page from an open {{RSSLink}}. All files, descriptions, artwork and other metadata from the RSS-feed is the property of the podcast owner and not affiliated with or validated by Podplay.

The podcast {{podcastName}} is distributed by Podplay. Here you find the podcasts {{RSSLink}}.

Play latest

Resume

More

Popular podcasts

{{title}} | {{podcastTitle}} | Podplay

Page not found

An error has occurred

Find and listen to your favourite podcasts at Podplay.

Podplay

{{title}} | Listen at Podplay

Find and listen to your favourite podcasts at Podplay - Your home for podcasts.

Podplay | Your Home for Podcasts

Account settings - Data

My account – delete account

Account settings - settings

My account - Settings

My account

My account - password

Something went wrong, please try again. If the problem persists, please contact us.

Go to start page

Click the button below to request your data. The data will be sent to the email associated with your account.

You have already requested your data. You must wait before requesting again.

A download link will be sent to your email when the file has been created.

Request your data

Click below to delete your account. Note that all information associated with your account, such as which podcasts you follow and listening history, will also be deleted.

Delete Account

Update account information

You have entered wrong password. Please try again.

Update password

You need to enter your current password to make changes on your profile.

Profile name is part of your public profile.

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Files stolen from a sneaky SymStealer. [Research Saturday]

News