10 June 2021

Google patches Chrome zero-day exploited in the wild



Google has rolled out Chrome 91.0.4472.101 for Windows, Mac, and Linux, which contains 14 security fixes, including a patch for a zero-day flaw exploited in the wild.

Tracked as CVE-2021-30551, the zero-day flaw is described as a type confusion issue within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Google said it “is aware that an exploit for CVE-2021-30551 exists in the wild” without elaborating on the nature of the attacks, or who was behind them.

However, in a message on Twitter, Shane Huntley, Director of Google's Threat Analysis Group, said that the same threat actor exploited this zero-day flaw together with the Windows zero-day CVE-2021-33742, which Microsoft patched as part of its June Patch Tuesday release.

“More details will be on CVE-2021-33742 will come from the team, but for context this seem to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting,” Shane Huntley wrote.

It’s worth noting that Microsoft’s June Patch Tuesday also includes fixes for two other Windows zero-days (CVE-2021-31955 and CVE-2021-31956) that were abused in attacks launched by a new threat actor dubbed PuzzleMaker.

The attacks were first discovered in April 2021 by researchers at Kaspersky and involved a zero-day exploit chain abusing a remote code execution vulnerability in the Google Chrome V8 JavaScript engine to access the targeted systems.

“Once the attackers have used both the Chrome and Windows exploits to gain a foothold in the targeted system, the stager module downloads and executes a more complex malware dropper from a remote server,” Kaspersky wrote in a blog post.

“This dropper then installs two executables, which pretend to be legitimate files belonging to Microsoft Windows OS. The second of these two executables is a remote shell module, which is able to download and upload files, create processes, sleep for certain periods of time, and delete itself from the infected system.”

