A vulnerability in Google Chrome – and in all Chromium-based browsers – allows webpages to replace the contents of the system clipboard without the user’s consent or interaction. The issue arises because the browser lacks the required protections to stop websites from copying content to the clipboard.
A requirement for a user motion to copy material to the clipboard was broken in Chrome 104, which is when the bug first appeared. As a result, when a user accesses a specially designed webpage, the material in the system clipboard may be changed to content that was defined on that page.
The same problem also exists in Firefox and Safari. While the bug in Chrome may be activated without user input, Firefox and Safari both require some sort of gesture to take use of it.