Typically, the clipboard copy and paste action will have to be approved by the user. Still, Jeff Johnson, a security expert, found the bug in Chrome 104 is removed, resulting in the leaking of sensitive data.
Clipboard is the most extensively used tool for all our copy paste requirements, which contains sensitive information like passwords, phone numbers, payment information, etc. Johnson states that this defect could be used in users copying wallet addresses on the clipboard in cryptocurrency’s fake sites that could threaten the complete digital wallet.
Johnson adds that Google’s browser is not the only one using this system. Even though Firefox and Safari use the same clipboard feature, they provide security with gesture-based protection. Unfortunately, there are very few safeguards against clipboard protection in all web browsers.
The commonly used key is Ctrl+c and Cmd+C for Mac users. Simply pressing the down arrow key to browse websites would permit a clipboard. Luckily, there are some websites to check if your system is infected, like webplatform.news, which will be added to your clipboard when you visit the site.
You will have to go to the site and paste what is copied on your clipboard into a Word document, and if you come across these wordings, your system is affected:
“Hello, this message is in your clipboard because you visited Web Platform News in a browser that allows websites to write to the clipboard without the user’s permission. Sorry for the inconvenience. For more information about this issue, see https://github.com/w3c/clipboard-apis/issues/182.”
Even though Google is aware of this flaw, they have still not been able to find a solution.