Impact
This vulnerability impacts access control to the mnemonic recovery phrase. It may be possible in some cases for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked.
There is no evidence this security issue was exploited in the wild.
Patches
Freighter wallet 5.3.1 no longer allows JavaScript to access the mnemonic phrase through the private API. The extension automatically updates when a new version is published. Every Freighter wallet should be up-to-date with the security patch.
As a reminder, users should never install the application from outside the official extension stores.
References
Pull Request: #948