Google Chrome 104 bug could let websites secretly alter your clipboard Tom's Guide Skip to main content Tom's Guide is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us.

Google Chrome 104 bug could let websites secretly alter your clipboard

By Tom Pritchard published 2 September 2022 A new bug lets sites add to your clipboard, and you won't even realize. (Image credit: Shutterstock) As much as Google Chrome 104 fixes some serious security issues, it also appears to have introduced at least one new one. It's a bug so serious that it could compromise your device's clipboard, and expose you to some kind of wrongdoing in the process. Normally the user has to initiate a clipboard event. However, Chrome 104 has removed this requirement, according to security expert Jeff Johnson (opens in new tab). That means webpages could start adding stuff to your clipboard without you even being aware of that fact. Johnson even demonstrates the issue on his blog post, pointing users to the site Web Platform News (opens in new tab). Clicking that link immediately overwrites anything you have stored in your clipboard, and replaces it with the following text: "Hello, this message is in your clipboard because you visited the website Web Platform News in a browser that allows websites to write to the clipboard without the user's permission. Sorry for the inconvenience. For more information about this issue, see https://github.com/w3c/clipboard-apis/issues/182 (opens in new tab)." You don't have to do anything on the page, and simply opening the link allows the site to override your current clipboard content. Johnson notes that this issue showcases how insecure system clipboards are, and both Safari and Firefox can let web pages override your clipboard with a gesture. Normally this gesture is the classic Ctrl/Cmd + C, but Johnson discovered that even something as simple as clicking or scrolling down the page was enough to give sites permission to add stuff to your clipboard. The fundamental problem is, as Johnson puts it, is that "their design is equating user gestures with user consent." Those are not the same thing. It just so happens those meager protections are broken in Chrome 104, so visiting a page is enough to take advantage of the bug. The good news is that the issue doesn't appear to let websites read your clipboard, so anything you left in there should be safe. Which is useful because your clipboard could have any number of sensitive details, including passwords or payment information. However, the fact a website could add stuff to your clipboard, without you knowing, still puts you at risk. Particularly dodgy websites would have to get creative, but this bug could be exploited to take you to various fake sites to steal information. TechRadar Pro (opens in new tab) notes that this particular bug could be exploited to dupe users into entering a cryptocurrency wallet address into a fake site - potentially putting the whole wallet at risk. Chrome developers (opens in new tab) have already acknowledged the severity of this problem, and are likely working on a fix. But that fix is not ready yet, so even updating to the newly-launched Chrome 105 may not be enough to protect your clipboard. Sadly this is not something you can really do anything about, aside from avoiding Chrome and Chromium browsers altogether, so just make sure that you're vigilant about what you're copying and where it goes.Today's best Google Pixel 6 Pro dealsPlansUnlockedGet $50 off this p... (opens in new tab)No contractGoogle Pixel 6 Pro (Installments 128GB) (opens in new tab)Google Pixel 6 Pro (Installments 128GB) (opens in new tab)Free (opens in new tab) upfront$48.29/mth (opens in new tab)Unlimited minsUnlimitedtexts4GBdataCalls: Calls to MX & CA includedTexts: Messaging to MX & CA includedData: (slowed to 128kbps speeds) (opens in new tab)No contractUnlimited minsUnlimitedtexts4GBdataCalls: Calls to MX & CA includedTexts: Messaging to MX & CA includedData: (slowed to 128kbps speeds)View (opens in new tab)at Mint Mobile (opens in new tab)Free (opens in new tab) upfront$48.29/mth (opens in new tab)View (opens in new tab)at Mint Mobile (opens in new tab)Get $50 off this p... (opens in new tab)No contractGoogle Pixel 6 Pro (Installments 128GB) (opens in new tab)Google Pixel 6 Pro (Installments 128GB) (opens in new tab)Free (opens in new tab) upfront$53.29/mth (opens in new tab)Unlimited minsUnlimitedtexts10GBdataCalls: Calls to MX & CA includedTexts: Messaging to MX & CA includedData: (slowed to 128kbps speeds) (opens in new tab)No contractUnlimited minsUnlimitedtexts10GBdataCalls: Calls to MX & CA includedTexts: Messaging to MX & CA includedData: (slowed to 128kbps speeds)View (opens in new tab)at Mint Mobile (opens in new tab)Free (opens in new tab) upfront$53.29/mth (opens in new tab)View (opens in new tab)at Mint Mobile (opens in new tab)Get $50 off this p... (opens in new tab)No contractGoogle Pixel 6 Pro (Installments 128GB) (opens in new tab)Google Pixel 6 Pro (Installments 128GB) (opens in new tab)Free (opens in new tab) upfront$58.29/mth (opens in new tab)Unlimited minsUnlimitedtexts15GBdataCalls: Calls to MX & CA includedTexts: Messaging to MX & CA includedData: (slowed to 128kbps speeds) (opens in new tab)No contractUnlimited minsUnlimitedtexts15GBdataCalls: Calls to MX & CA includedTexts: Messaging to MX & CA includedData: (slowed to 128kbps speeds)View (opens in new tab)at Mint Mobile (opens in new tab)Free (opens in new tab) upfront$58.29/mth (opens in new tab)View (opens in new tab)at Mint Mobile (opens in new tab)We check over 250 million products every day for the best prices

Be In the Know

Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Tom PritchardAutomotive EditorTom is the Tom's Guide's Automotive Editor, which means he can usually be found knee deep in stats the latest and best electric cars, or checking out some sort of driving gadget. It's long way from his days as editor of Gizmodo UK, when pretty much everything was on the table. He's usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining that Ikea won't let him buy the stuff he really needs online. More about security These misspelled websites are spreading nasty malware - how to stay safe ExpressVPN reviewLatest Android 13 rolling out to Galaxy S22 now - who's getting it firstSee more latest ► Topics Security See all comments (0) No comments yet Comment from the forums MOST READMOST SHARED1Star Wars Tales of the Jedi release date and time: how to watch online2Android 13 rolling out to Galaxy S22 now - who's getting it first3Black Friday sales 2022 - best Australian deals and discounts4Black Friday deals 2022 - date and best early sales5PS5 vs. Xbox Series X: Which console wins?1Black Friday sales 2022 - best Australian deals and discounts2Black Friday deals 2022 - date and best early sales3PS5 vs. Xbox Series X: Which console wins?4How to watch House of the Dragon on HBO Max right now - release time and episode schedule 5Samsung Galaxy S23 Ultra - new 200MP camera possibly revealed