untitled design
  • Tech News

Chrome allows sites to add anything to the clipboard without the knowledge of the user

  • 11:25 AM

Websites can write to the operating system’s clipboard without the user’s permission or any action on their part. This applies to Google Chrome and any other Chromium-based browser. This was made possible by recent changes that were made by the developers in order to be able to read and write data from the clipboard, thereby allowing the output of doodles (Google Doodle) via the NTP network protocol. Simply put, Chromium allowed all sites to access the clipboard without the need to receive confirmation of actions from the user.

The clipboard is often used to temporarily store sensitive data, so sites should not be able to access it. At least without the permission of the user. For example, Firefox and Safari protect the buffer from unauthorized access, but Chromium decided to go the other way. They believe that adding confirmation conditions for the readText and writeText APIs interrupts the display of doodles – variants of Google logos on the Chrome start page associated with certain events or people in a particular region. Therefore, the developers have weakened this check.

To test your browser, just go to the Webplatform News site, and then check the contents of the clipboard. If it contains the following message, then the browser is vulnerable to various clipboard manipulations:

“Hello, this message is in your clipboard because you visited the website Web Platform News in a browser that allows websites to write to the clipboard without the user’s permission. Sorry for the inconvenience. For more information about this issue, see github.com/w3c/clipboard-apis/issues/182″.

Source: Trash Box

You may also like

Get the latest

Stay Informed: Get the Latest Updates and Insights

 

Most popular

untitled design
untitled design