10 June 2021

Google patches Chrome zero-day exploited in the wild



Google has rolled out Chrome 91.0.4472.101 for Windows, Mac, and Linux, which contains 14 security fixes, including a patch for a zero-day flaw exploited in the wild.

Tracked as CVE-2021-30551, the zero-day flaw is described as a type confusion issue within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Google said it “is aware that an exploit for CVE-2021-30551 exists in the wild” without elaborating on the nature of the attacks, or who was behind them.

However, in a message on Twitter, Shane Huntley, Director of Google's Threat Analysis Group, said that the same threat actor exploited this zero-day flaw together with the Windows CVE-2021-33742 zero-day, which Microsoft patched as part of its June Patch Tuesday release.

“More details on CVE-2021-33742 will come from the team, but for context this seems to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting,” Shane Huntley wrote.

It’s worth noting that Microsoft’s June Patch Tuesday also includes fixes for two other Windows zero-days (CVE-2021-31955 and CVE-2021-31956) that were abused in attacks launched by a new threat actor dubbed PuzzleMaker.

The attacks were first discovered in April 2021 by researchers at Kaspersky and involved a zero-day exploit chain abusing a remote code execution vulnerability in the Google Chrome V8 JavaScript engine to access the targeted systems.

“Once the attackers have used both the Chrome and Windows exploits to gain a foothold in the targeted system, the stager module downloads and executes a more complex malware dropper from a remote server,” Kaspersky wrote in a blog post.

“This dropper then installs two executables, which pretend to be legitimate files belonging to Microsoft Windows OS. The second of these two executables is a remote shell module, which is able to download and upload files, create processes, sleep for certain periods of time, and delete itself from the infected system.”

