In Chrome, Websites Can Copy Content To The Clipboard Without The User’s Consent.

by | Mar 7, 2024

If you use Google Chrome or another Chromium-based web browser, websites are free to copy any content they like to your computer’s clipboard without your knowledge or consent.

Chrome Clipboard Pasting Without Permission :

The system’s clipboard can be used by computer users to save temporary items like passwords, files, and bits of text that they find online and want to paste into a Word document or search engine.

The contents of the clipboard shouldn’t ever be accessible by sites, at least not without user consent. There is presently no such limitation in Chrome and other Chromium-based browsers. The user gesture requirement was something that the designers of the Brave web browser thought about including in 2021, however the browser does not currently support it. The two other popular browsers, Firefox and Safari, which are not based on Chromium, safeguard their users’ clipboards.

To check your browser, go to the Webplatform News website. All that is required is a simple website visit followed by a clipboard content check.

The browser is susceptible to unwanted clipboard manipulation if you notice the following statement in your clipboard:

Hello, this message is in your clipboard because you visited the website Web Platform News in a browser that allows websites to write to the clipboard without the user’s permission. Sorry for the inconvenience. For more information about this issue, see.

All current Chromium-based browsers are impacted by this. In order for websites to copy material to the device’s clipboard, Firefox and Safari do require a user gesture. In this context, a user gesture denotes choosing website material and then using Ctrl-C or another keyboard shortcut to copy it to the clipboard.According to a bug report on the Chromium website, it is no longer necessary for the user to make a gesture before reading or writing to the clipboard. As an explanation, it interferes with NTP doodle sharing.Adding user gesture requirement for readText and writeText APIs breaks NTP doodle sharing. We are relaxing this check for now, but we should fix this for sites to not rely on these APIs to be called without a user gesture.See NewTabPageDoodleShareDialogFocusTest.All test for more details.Doodles are Google Doodles, which are versions of the Google logo that emphasise things or individuals. NTP stands for the browser’s New Tab Page.The user gesture requirement might prevent remote clipboard synchronisation in browsers, according to this GitHub page.