Tag: chromium

Information has been available on a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if abused, might have allowed for the theft of files holding sensitive data. According to Imperva researcher Ron Masas, "The problem stemmed from the way the browser dealt with symlinks when processing files and directories." The theft of sensitive files was made possible because the browser, specifically, "did not correctly check if the symlink was leading to a location that was not intended to be accessible." As a case of inadequate data validation in the File System, Google described the medium-severity flaw (CVE-2022-3656) and published remedies for it in versions 107 and 108 that were released in October and November 2022 read the complete article Experts Detail Chro...