1638
Be careful. (feddit.org)
submitted 1 month ago by 101@feddit.org to c/technology@lemmy.world
173 comments fedilink hide all child comments

Source.

you are viewing a single comment's thread
view the rest of the comments
[-] Kethal@lemmy.world 200 points 1 month ago* (last edited 1 month ago)

It seemed odd to me that a Web site could write to or read from the clipboard without the user approving it. That would be a pretty obvious security and privacy issue. From what I gather, on Chrome sites can write to the clipboard without approval, but they need approval to read. ~~On Firefox and others any access requires permission. Thus this exploit seems limited to Chrome users.~~

@SkaveRat pointed out that it doesn't require permission, only interaction. So likely there's a button that's clicked that writes to the clipboard, and most browsers are susceptible to this.

[-] SkaveRat@discuss.tchncs.de 177 points 1 month ago

not when there was a user intent like clicking a button.

For example in this screenshot, it's likely that there's only the "verify I'm human" button first, you click it, the steps pop up, and at the same time the command ist copied into your clipboard

[-] MeatsOfRage@lemmy.world 94 points 1 month ago* (last edited 1 month ago)

Exactly, copy requires a click but there's no rule that the copy button has to look like anything particular

[-] dan@upvote.au 17 points 1 month ago* (last edited 1 month ago)

It doesn't necessarily need a click - it can be triggered by a keypress too (eg at my workplace we have a few internal pages where you can press a keyboard shortcut to copy a shortened URL for the current page).

It has to be something the browser considers a user interaction, meaning the user has expressed an intent to perform the action. That's usually a button press or keypress.

load more comments (9 replies)
load more comments (10 replies)
this post was submitted on 14 Sep 2024
1638 points (99.0% liked)

Technology

59174 readers
2383 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world