CVE-2022-32969

Name of the Vulnerable Software and Affected Versions MetaMask versions prior to 10.11.3

Description The issue is related to the storage of confidential information in unencrypted form, allowing an attacker to access a user's secret recovery phrase. This is due to the use of an input field for a BIP39 mnemonic, which is saved to disk by Firefox and Chromium to support the Restore Session feature. An attacker with access to the computer, either physically or through remote access, could steal the recovery phrase and import the wallet onto their devices.

Recommendations For MetaMask versions prior to 10.11.3, update to version 10.11.3 or later to resolve the issue. As a temporary workaround, consider disabling the use of the Restore Session feature in Firefox and Chromium until the update is applied. Additionally, users can enhance protection by using wallet locks and being cautious of phishing sites.