Copy & paste deemed a security risk
Posted on Monday, Jun 22 2020 @ 11:28 CEST by Thomas De Maesschalck
Hackaday reminds us that most of the common things we do on a PC could pose a security risk. In a new article, the site highlights the dangers of the copy & paste functionality. In the potential attack scenario, a malicious site places a dangerous payload on the clipboard, and the browser could execute that payload when the user pastes the clipboard contents into a browser-based visual editor:

[Michal Bentkowski] has a good summary of his research which boils down to the following attack scenario:

1. Visit a malicious site.
2. Copy something to the clipboard which allows the site to put in a dangerous payload.
3. Visit another site with a browser-based visual editor (e.g., Gmail or WordPress).
4. Paste the clipboard into the editor.

These sorts of attacks require several things to go right, but it's possible. The technique is explained in more detail at Securitum.
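
On the editor side, one defence against the paste step is to refuse the clipboard's text/html flavor and insert only escaped plain text. The following is an added example, not code from Hackaday, Securitum or any editor named above; the function names, the `insertHtml` callback and the sample clipboard contents are hypothetical and constructed for illustration, and it assumes the field does not need rich-text paste.

```javascript
// Added example: a paste handler that ignores the clipboard's text/html flavor.
// All names here (escapeHtml, plainTextToHtml, handlePaste, insertHtml) are hypothetical.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that can open markup or break out of an attribute.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Turn plain text into inert HTML: escaped content, line breaks kept as <br>.
function plainTextToHtml(text) {
  return text.split(/\r\n|\r|\n/).map(escapeHtml).join('<br>');
}

// Paste handler for a contenteditable editor. `insertHtml` stands for the
// editor's own insertion routine (assumed). Returns the markup it inserted.
function handlePaste(event, insertHtml) {
  // Stop the browser from inserting the text/html flavor, which the page
  // the user copied from fully controls.
  event.preventDefault();
  const data = event.clipboardData;
  const text = data ? data.getData('text/plain') : '';
  const safe = plainTextToHtml(text);
  insertHtml(safe);
  return safe;
}

// Constructed sample: a paste event whose text/plain flavor looks harmless
// while the text/html flavor carries active markup.
function makeConstructedPasteEvent() {
  const flavors = {
    'text/plain': 'Quarterly report <draft>\nsee "notes" & figures',
    'text/html': '<img src="x" onerror="alert(1)">Quarterly report',
  };
  return {
    defaultPrevented: false,
    preventDefault() { this.defaultPrevented = true; },
    clipboardData: { getData: (type) => flavors[type] || '' },
  };
}

// In a browser: editor.addEventListener('paste', (e) =>
//   handlePaste(e, (html) => document.execCommand('insertHTML', false, html)));
```

An editor that must keep pasted formatting cannot drop text/html this way and has to run that flavor through an allowlist-based HTML sanitizer before insertion.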