Imperva Red Team recently revealed a vulnerability called CVE-2022-3656 that affects more than 2.5 billion users of Google Chrome and Chromium-based browsers.
This vulnerability allows the theft of sensitive files, such as encrypted wallets and cloud provider credentials.
Vulnerability specification:
1.https://bugs.chromium.org/p/chromium/issues/detail?id=1345275#c34
2.https://www.imperva.com/blog/google-chrome-symstealer-vulnerability/
Instructions for use:
-
Download the poc.zip file and decompress it
-
Navigate to "fancy-poc" and provide the file (python3 -m http.server)
-
Open http://localhost:8000 and follow the PoC instructions
