Websites can write to the operating system’s clipboard without the user’s permission or any action on their part. This applies to Google Chrome and any other Chromium-based browser. This was made possible by recent changes that were made by the developers in order to be able to read and write data from the clipboard, thereby allowing the output of doodles (Google Doodle) via the NTP network protocol. Simply put, Chromium allowed all sites to access the clipboard without the need to receive confirmation of actions from the user.
The clipboard is often used to temporarily store sensitive data, so sites should not be able to access it. At least without the permission of the user. For example, Firefox and Safari protect the buffer from unauthorized access, but Chromium decided to go the other way. They believe that adding confirmation conditions for the readText and writeText APIs interrupts the display of doodles – variants of Google logos on the Chrome start page associated with certain events or people in a particular region. Therefore, the developers have weakened this check.
To test your browser, just go to the Webplatform News site, and then check the contents of the clipboard. If it contains the following message, then the browser is vulnerable to various clipboard manipulations:
“Hello, this message is in your clipboard because you visited the website Web Platform News in a browser that allows websites to write to the clipboard without the user’s permission. Sorry for the inconvenience. For more information about this issue, see github.com/w3c/clipboard-apis/issues/182″.
Source: Trash Box
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.