As the most used browser on the Internet, the Chrome it is constantly being evaluated for safety. The most recent discovery brought to light a serious flaw in this browser that left information and data of 2,5 billion users accessible.
This problem has already been corrected, but it goes to show how a simple flaw in Google's browser can jeopardize information and files of so many users.
It was the security company Imperva that brought to public Chrome's latest flaw. Google's browser had a year of 2022 in which several problems were revealed and immediately corrected, showing the importance that the search giant attaches to the security of its apps.
In the specific case of this problem, called “SymStealer”, the problem was in the way the browser treated symbolic links. These were received by Chrome, without the possibility of accessing the places to which they pointed being validated.
BUT: Google Chrome prepares option to block downloads from suspicious https
By not performing this validation, Chrome opened the door for attackers to access areas of the operating system that could be blocked. When receiving a set of files on a website, in any form, if a symbolic link was present, this was followed.
Thus, it would be possible for an attacker to take a user to a fake website and download any file. By requesting that it be loaded again, and with a symbolic link present, access to sensitive areas and protected and naturally inaccessible files could be given.
It should be noted that this problem is not exclusive to Chrome and is present in other browsers. Being a flaw in Chromium, the base of Google's browser, it ends up being taken to Edge and others that use this proposal as their development platform.
As we have already mentioned, this serious security flaw in Chrome has already been resolved and the correction has been passed on to users. Even so, it left 2,5 billion users vulnerable, who were exposed to this Google browser problem and the theft of sensitive and important data.
