The dynamic nature of internet technology opens troves of possibilities for new breakthroughs in cyberspace, such as integrating Blockchain technology, adapting more complex critical infrastructure to ramp up cybersecurity to embracing AI into various facets of digital space. However, this dynamism also leaves several gaping holes in digital fabrics that can be exploited by cybercriminals in the form of vulnerabilities.

A cyber security vulnerability is any defect in an organization’s internal controls, system processes, or information systems. Hackers and cybercriminals may target these weaknesses and exploit them through weak spots. Recent security flaws, such as CVE-2022-3656, made it possible for remote attackers to acquire sensitive user information, such as cloud service provider login information and cryptocurrency wallet details.

Details of a newly identified and fixed vulnerability that affected all Chromium-based browsers, including Edge and Opera, and over 2.5 billion users of Google Chrome have been disclosed by the cyber security experts at Imperva Red Team.

About the Vulnerability

The vulnerability, identified as CVE-2022-3656, enables remote attackers to obtain private user information, including login credentials for cloud service providers and information on digital wallets. Further investigation found that the problem was caused by how the Chrome browser dealt with symlinks when handling directories and files.

Ron Masas, a researcher at Imperva, claims that the browser encouraged the theft of sensitive information by failing to verify if the symlink referred to an inaccessible place. According to Google, this medium-severity vulnerability was brought on by the File System’s insufficient data validation. In Chromium versions 107 and 108, which were published in October and November 2022, respectively, the firm offered a patch.

SymStealer Explained

The bug was dubbed SymStealer by Imperva researchers in their paper. When an attacker uses the File System to bypass software limitations and access restricted files, a problem arises. According to Imperva’s investigation, the browser recursively resolves all symlinks without warning when a user drags and drops a folder right onto a file input element.

Symlink, also known as a symbolic link, is a file that instructs the OS to treat a directory or file as if it were kept at the location of the symlink. This function often aids users in the creation of shortcuts, file organizing, and file path redirection.

However, Imperva’s study showed that this functionality might be used to produce vulnerabilities like this one, which appeared as a result of how browsers interacted with symlinks for processing files and directories. Another name for this problem is the symbolic link following.

Attack Scenario

Through this flaw, an attacker can deceive a victim into visiting a hacked website and downloading a ZIP archive file that contains a symlink to a priceless folder or file already on the device, such as wallet keys. The user is requested to upload their recovery keys when this file is uploaded back to this site as an infection chain component, such as a crypto wallet service. The attacker may now access the original key phrase file by following the symbolic link. The size of the file input element was modified by Imperva researchers using CSS slyness so that the file uploads correctly regardless of where the folder is dropped on the page.

In such a situation, the victim maybe completely unaware of the fraud since various crypto wallets or other online service requires its users to download recovery keys, which serve as backups in episode of losing account access due forgotten password


It is essential to always keep your software up to date to protect against the latest vulnerabilities and ensure that your personal and financial data remains safe and secure. It is also advised to invest in good anti-malware softwares and ensure regular PC check up by experts. The best defense one could adopt is to be well versed with technical know and how and rational approach to complicated situations.

Author: Mr. Shrey Madaan, Junior Consultant, CyberPeace Foundation

Leave a Reply

About Cyber Peace Corps

Address: B-55 MIG, Ranchi Jharkhand, India
Phone: (+91) 82350 58865
Email[email protected]