this post was submitted on 14 Sep 2024
1640 points (99.0% liked)

Technology

72784 readers
3257 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
1640
Be careful. (feddit.org)
submitted 10 months ago by 101@feddit.org to c/technology@lemmy.world
170 comments fedilink hide all child comments
 

Source.

you are viewing a single comment's thread
view the rest of the comments
[–] Kethal@lemmy.world 200 points 10 months ago* (last edited 10 months ago) (13 children)

It seemed odd to me that a Web site could write to or read from the clipboard without the user approving it. That would be a pretty obvious security and privacy issue. From what I gather, on Chrome sites can write to the clipboard without approval, but they need approval to read. ~~On Firefox and others any access requires permission. Thus this exploit seems limited to Chrome users.~~

@SkaveRat pointed out that it doesn't require permission, only interaction. So likely there's a button that's clicked that writes to the clipboard, and most browsers are susceptible to this.

[–] SkaveRat@discuss.tchncs.de 177 points 10 months ago (11 children)

not when there was a user intent like clicking a button.

For example in this screenshot, it's likely that there's only the "verify I'm human" button first, you click it, the steps pop up, and at the same time the command ist copied into your clipboard

[–] MeatsOfRage@lemmy.world 94 points 10 months ago* (last edited 10 months ago) (1 children)

Exactly, copy requires a click but there's no rule that the copy button has to look like anything particular

[–] dan@upvote.au 17 points 10 months ago* (last edited 10 months ago)

It doesn't necessarily need a click - it can be triggered by a keypress too (eg at my workplace we have a few internal pages where you can press a keyboard shortcut to copy a shortened URL for the current page).

It has to be something the browser considers a user interaction, meaning the user has expressed an intent to perform the action. That's usually a button press or keypress.

load more comments (9 replies)
load more comments (10 replies)