Websites can modify the clipboard sans permission in Chrome based world

[moonbat]

Link.

And the reason given?

A bug report on the Chromium website highlights that the restriction to require a user gesture before reading or writing to the clipboard has been removed. The reason given: it breaks NTP doodle sharing.

NTP here is 'new tab page'. Nice to know that being able to share a Google Doodle trumps any concerns about security.

[Moonchild]

Chrome is a Google product. of course being able to use Google services trumps security concerns when it comes down to a hard choice.
Not the first time this kind of stuff happens - this one is just more exposed now.

By the way.... why does the "event based logo" require clipboard access in the first place, and why did they kill a blink security(or at least privacy) feature to cater to it instead of fixing the gadgeteering around the Google logo?

[moonbat]

why did they kill a blink security(or at least privacy) feature to cater to it instead of fixing the gadgeteering around the Google logo

One thing I've noticed with the generation of developers that started around 2010 onwards - call them millennials or Gen Z or whatever - they are all coddled and encouraged to play around with the end product. The whole market shift to Agile - again thanks to Chrome - where an end user product is subject to weekly and fortnightly updates that add no UI/UX value, just so developers can keep playing around.

In earlier times this was restricted to easter eggs, which are innocuous and don't interfere with everyday usage.

[vannilla]

In fairness Google has a lot of departments so it's very likely that the team behind the logo thing is separate from the team dedicated to the clipboard thing and the second team cannot prevail over the decisions of the first team, so if the logo cannot be changed for bogus reasons all you can do is disable security features or whatever.

[jobbautista9]

And this is why I don't believe "security experts" saying Chromium is the most secure.

Off-topic:
In fact it's the very opposite due to the multi-process stuff. They might be right in saying Chromium is more secure than Firefox though, due to the latter's inferior implementation of multi-process.

[The Squash]

Great! Now the people I know who still go around copying and pasting cryptocurrency addresses into Web pages, will finally have another reason to take my advice from years back: Don't trust the clipboard contents. No joke. Some people still do that. Now that would be a serious security hole.

[Moonchild]

It's always good practice to verify what you have pasted is correct before clicking that submit button. That's a few valuable seconds of your time.

[carpet]

Via links at the Ghacks article in the first post you can find a Mac-only browser extension called Stop the Madness which stops various kinds of keyboard and OS hijacking by websites (the author says it may stop the clipboard overwriting in some but not all situations). My question is, does anyone know of something similar for Windows? Seems like something the people in this thread might know about. I don't have just one specific hijack I want to block so this looks good because it takes care of many kinds.

https://underpassapp.com/StopTheMadness/
https://lapcatsoftware.com/articles/clipboard.html

[Moonchild]

Maybe not a solution to this particular problem but a workaround: I use a clipboard manager in my True Launch Bar application that gives me a clipboard history. If the clipboard data gets overwritten I simply recall what was there from the history. I gather any clipboard history application (doesn't office come with one?) will allow you to do the same.
Or, of course, you could just avoid using Chrome

[moonbat]

On Windows 10, there's a built in clipboard manager you can access with windows key + V.

[Moonchild]

On Windows 10, there's a built in clipboard manager you can access with windows key + V.

Good to know! I'm not going to switch over to it myself though as I like the added functionality from my TLB plugin like being able to lock clips.

[somdcomputerguy]

On Windows 10, there's a built in clipboard manager you can access with windows key + V.

Good to know! I'm not going to switch over to it myself though as I like the added functionality from my TLB plugin like being able to lock clips.

I use that feature a lot. I used to use a third party clipboard manager before MS built it into the OS.