Files stolen from a sneaky SymStealer. [Research Saturday]

Ron Masas of Imperva discusses their work, the "Google Chrome “SymStealer” Vulnerability. How to Protect Your Files from Being Stolen." By reviewing the ways the browser handles file systems, specifically searching for common vulnerabilities relating to how browsers process symlinks, the Imperva Red Team discovered that when files are dropped onto a file input, it’s handled differently.
Dubbing it as CVE-2022-40764, researchers found a vulnerability that "allowed for the theft of sensitive files, such as crypto wallets and cloud provider …

browser browsers chrome cve file files google google chrome imperva input process protect red team research researchers ron stolen symstealer systems team theft vulnerabilities vulnerability work