New Chrome Vulnerability Could Let Your Bank Information Be Stolen: What To Do?

If you haven’t updated your browser in a while, you should do so immediately as a newly discovered critical vulnerability affects Google Chrome and other Chromium-based browsers like Microsoft Edge. .

The vulnerability, known as SymStealer, was first discovered by security researchers at Imperva. Currently, more than 2.5 billion users are at risk of being attacked if they are not using the latest version of Chrome.

Hackers could take advantage of this vulnerability to steal sensitive files from users’ computers, including bank logins and e-wallets, and then withdraw money from their accounts.

Chrome is a highly reliable browser and still undergoes regular security checks. However, by itself as the most widely used browser today, it also becomes a very attractive target for hackers and other cybercriminals.

SymStealer Vulnerability

This vulnerability is related to “symbolic links” – the computer industry term for a file (file) that references another file or directory as a relative or absolute path. . It is also commonly referred to as a symlink or a softlink.

A “symbolic link” can be understood simply as a path that points to the location of a certain file in the computer system. It is often used to create shortcuts, redirect file paths, or organize files in a more flexible way. However, because of that, it can create security holes.

Researchers at Imperva discovered an issue in Google Chrome where the browser failed to correctly check whether symlinks point to an unauthorized location. This could allow hackers to steal sensitive files from the victim’s computer.

In the hypothetical attack scenario given by Imperva, an attacker could create a fake website offering a new e-wallet service. The site can then trick users into creating new wallets by asking them to download recovery keys.

Users will think they are downloading their keys, but in reality the files contain a symlink to another sensitive file or folder on their computer.

After the user unzips the file and uses these recovery keys, the hacker will gain access to the sensitive file mentioned above.

What do users need to do?

If you are using Chrome, Microsoft Edge, Brave, Vivaldi, Opera or any other Chromium-based browser, you should immediately download and install the latest updates to protect sensitive files on your device. your property from the risk of being stolen.

Currently, although there have been no recorded cases of this security vulnerability being exploited in practice, experts warn that attackers can actively carry out exploit campaigns targeting users. are still using vulnerable versions of Chrome or other Chromium-based browsers.

Earlier, at the end of last year, Google released security updates for the Google Chrome browser on Windows, Mac and Linux to fix 10 security holes. One of these vulnerabilities allows attackers to take down vulnerable systems remotely.

This update includes 10 security updates, 6 of which are classified as “high severity”. That means users should update as soon as possible.