In recent years, there has been an increase in attacks involving the use of symbolic links, also known as “symlinks,” to steal sensitive information like cryptocurrency wallets. These attacks can be difficult to detect, as victims never experience any warning or confirmation messages or even realize that anything is amiss. Everything happens under the radar without the knowledge of the victim. We are going to discuss one such recently patched vulnerability in Chromium-based browsers. The flaw, which is tracked under the identifier CVE-2022-3656, is a SymStealer Vulnerability in the Google Chrome browser that allows attackers to covertly steal confidential information from the victim’s computer without leaving any traces behind. Let’s see some of the technical details and how to patch CVE-2022-3656 in this post.
Chromium is an open-source web browser project developed by Google. It forms the basis for several popular web browsers, including Google Chrome, Microsoft Edge, Brave, and Opera. These browsers offer users a fast and secure browsing experience with features like built-in ad blockers, password managers, built-in search engine support, and access to the expansive and ever-growing library of Chrome extensions.
Trend of global market share held by leading web browsers (Image Source: Statista)
According to Statista, Google Chrome dominates the market with a share of around 60-70%, followed by Safari with around 15-20% market share being the default browser for Apple devices. Firefox and Microsoft Edge are next in line with around 5-10% market share each. Other browsers like Opera and Brave make up a small fraction of the market share.
These numbers indicate that more than half of global internet users are exposed to the CVE-2022-3656 vulnerability. We urge all Chrome users to patch the SymStealer vulnerability in Google Chrome.
Such attacks are considered dangerous because they are never caught by even sophisticated security systems, since there is little to no malware involved.
They are difficult to detect, as victims never see any warning or confirmation message or even realize that anything is amiss.
These attacks can allow attackers to gain unauthorized access to sensitive information or perform unauthorized actions on a system. This can be done by creating a symlink that points to a legitimate file or directory but directs any access or changes to a location controlled by the attacker.
In the context of Cryptocurrency wallets, an attacker can create a symlink that points to the legitimate wallet but directs any transactions or access to a wallet controlled by the attacker. This can allow the attacker to steal the funds from a legitimate wallet.
Therefore, it is important for organizations and individuals to be aware of the risks associated with symlink vulnerabilities and to take steps to protect themselves from these types of attacks.
A symlink or symbolic link is a special type of file that points to another file or directory on the same computer or network. It serves as an alias for the target, allowing it to be accessed using different paths. In other words, a symbolic link behaves similarly to a shortcut in Windows, allowing users to get easy access to files and directories. Unlike a regular file or directory, however, the actual content of a symbolic link is not stored on the system—it just contains a reference to the target file or folder.
Symbolic links are often used to create shortcuts to frequently used files or directories, to redirect access to a file that has been moved, or to make a file or directory accessible in multiple locations.
In a Unix-like operating system, the ln command can be used to create a symbolic link. For example, the command “ln -s /path/to/original/file /path/to/link” will create a symbolic link at the location “/path/to/link” that points to the file “/path/to/original/file”.
Symbolic links can be useful, but they can create security issues if they’re not managed properly, as they can be used to redirect access to a malicious file or to gain unauthorized access to sensitive information. The vulnerability covered in this post is one such example of improper handling of symbolic links.
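To make the "reference to the target" point concrete, here is an added example (not from the original post) that audits a folder for symlinks whose targets resolve outside that folder. The folder and file names are constructed for the demo, and a POSIX system is assumed.

```python
import os
import tempfile


def find_escaping_symlinks(root):
    """Return (relative_link_path, resolved_target) for each symlink under
    root whose target resolves to a location outside root."""
    root_real = os.path.realpath(root)
    findings = []
    # followlinks=False: list symlinked directories but never descend into them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # follows chains of links
            if os.path.commonpath([root_real, target]) != root_real:
                findings.append((os.path.relpath(path, root), target))
    return sorted(findings)


def demo():
    """Constructed sample: a folder holding a regular file, a link that stays
    inside the folder, and a link to a file outside it."""
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        outside = os.path.join(base, "credentials.txt")  # stands in for a sensitive file
        with open(outside, "w") as fh:
            fh.write("constructed secret\n")
        upload = os.path.join(base, "recovery_keys")
        os.mkdir(upload)
        with open(os.path.join(upload, "notes.txt"), "w") as fh:
            fh.write("regular file\n")
        os.symlink("notes.txt", os.path.join(upload, "alias.txt"))
        os.symlink(outside, os.path.join(upload, "recovery.key"))
        return find_escaping_symlinks(upload), outside


if __name__ == "__main__":
    findings, _ = demo()
    for link, target in findings:
        print(f"{link} -> {target} (outside the folder)")
```

Only the link that leaves the folder is reported; the alias that points at a sibling file is not.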
According to a recent study conducted by Ron Masas, a security researcher from Imperva, Chrome and other Chromium-based browsers may be vulnerable to symbolic link attacks when handling file systems. In the study, Masas and his team examined the APIs commonly used for file uploads, such as the Drop Event, File Input, or File System Access API, and found that these browsers typically do not adequately address the handling of symbolic links. Despite the presence of safety measures, such as prompting for additional confirmation from the user when uploading large numbers of files, Ron Masas and his team discovered that when a file or folder is dropped onto a file input, it is handled differently. Specifically, symbolic links are processed and recursively resolved without any additional warning or confirmation for the user.
“The issue arose from the way the browser interacted with symlinks when processing files and directories. Specifically, the browser did not properly check if the symlink was pointing to a location that was not intended to be accessible, which allowed for the theft of sensitive files.” – Ron Masas
Attackers could exploit this vulnerability when the victim uploads a file that contains a symlink to a sensitive file or folder on the victim’s computer to the attacker’s website. The attacker does this by tricking the victim into visiting a malicious website and downloading a file that contains a symlink to a sensitive file or folder on the victim’s computer.
Security researchers demonstrated in a video how an attacker could exploit this flaw. In that video, the researcher plays both the attacker and the victim. The attacker creates a malicious website, ‘localhost,’ that offers a new crypto wallet service. The victim browses the website to create a new wallet and downloads his “recovery” keys, which are actually a zip file containing a symlink to a sensitive file or folder on the victim’s computer, such as a cloud provider credential. When the victim unzips and uploads the “recovery” keys back to the website, the symlink is processed, and the attacker gains access to the sensitive file, while the victim may not even realize that anything is amiss.
This vulnerability is present in all versions of Chrome and Chromium-based browsers earlier than v108. Google recommends that Chrome users update to the fixed version to avoid any consequences.
The updated version released by Google is Chrome 108.0.5359.94/.95. Chrome users are advised to install the security update immediately on whatever OS they use, including Windows, Mac, and Linux. Mac and Linux users are required to update to version 108.0.5359.94, and Windows users are required to update to 108.0.5359.94/.95.
Chrome normally applies updates in the background when you close and then reopen your browser. However, if you haven’t done this for a while, a pending update may be indicated by a colored icon.
There are several ways to upgrade Chrome Browser:
Open Chrome Browser on your computer and click on the three dots in the top-right corner. Select “Help” and then “About Google Chrome.” This will check for updates and automatically download and install the latest version of Chrome.
If you are running an older version of Chrome, you can download the latest version from the official Google Chrome website. Once downloaded, open the installer and follow the instructions to upgrade your browser.
If you are using Chrome on a mobile device, you can update it from the App Store (iOS) or Google Play Store (Android). Open the App Store or Play Store, search for Google Chrome and select the update button.
You can also use Chrome’s enterprise updating features if you are managing Chrome browsers in an enterprise environment.
It’s important to keep your browser up to date to take advantage of the latest features and security updates.
As general tips to lower the attack surface, keep your software up to date, patch as many vulnerabilities as you can, use password manager services to store passwords, use security solutions for malware protection, and use a hardware wallet to store your cryptocurrencies.
We hope this post helps you understand how to patch CVE-2022-3656, a SymStealer vulnerability in Google Chrome.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.