The first thing to keep in mind is that most developers focus on these Chromium-based browsers, like Chrome itself. The reason for all this is quite simple, and it is that a large percentage of users choose to use these. On the other hand, we find those who use Internet browsers based on other engines, as is the case with MozillaFirefox either Safari. Well, we are telling you all this because this means that most of them work with a program that has a significant vulnerability.
Specifically, we mean that the websites we visit may write to clipboard when using chrome without user permission. All this means that, if we browse normally with Google Chrome or another Chromium-based web browser, websites can add whatever they want to the system clipboard. Obviously without the user’s permission or without the user doing anything.
The clipboard is that element integrated into the operating system itself that we use to save all types of content temporarily. Normally here we copy files to change their location, or a password to add to a website, or any text that interests us. We could say that this clipboard we are referring to is used constantly on our computer on most occasions. That is precisely why, at least in theory, the websites that we visit on the Internet should not have access to it. At least as long as we don’t grant you that permission.
How to see if my web browser is vulnerable
Once we know that websites should never have access to clipboard content, say that Chrome and others based on chrome They don’t have that restriction. However, other non-Chromium based proposals like firefox Y Safari they do protect their users’ clipboards. With everything and with it to check if the websites we visit have access to our clipboard of the operating system, such as Windows, we can do it easily.
To do this, we only have to visit the following Webplatform News website in a conventional way to take the test. After loading that page in the corresponding browser, we then copy the contents of the clipboard into a text editor, for example. It is very possible that a text message will appear telling us that our browser is vulnerable. Evidently this clipboard content has been copied by the visited website without our permission, which means that the program is vulnerable.
We say that it probably appears because the vast majority of users use Chrome or other Chromium-based browsers. However, if we do this test in Firefox, we will see that this mentioned text is not automatically copied to the clipboard.
To give us an idea, a bug report on the Chromium website talks about it all. The restriction of requiring user interaction when reading or writing to the clipboard has been removed due to an incompatibility with data exchange. In the same way they assure that they are working to solve the failure shortly.
