10 June 2021

Google patches Chrome zero-day exploited in the wild



Google has rolled out Chrome 91.0.4472.101 for Windows, Mac, and Linux, which contains 14 security fixes, including a patch for a zero-day flaw exploited in the wild.

Tracked as CVE-2021-30551, the zero-day flaw is described as a type confusion issue within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Google said it “is aware that an exploit for CVE-2021-30551 exists in the wild” without elaborating on the nature of the attacks, or who was behind them.

However, in a message on Twitter, Shane Huntley, Director of Google's Threat Analysis Group, said that this zero-day flaw was exploited by the same threat actor together with the Windows CVE-2021-33742 zero-day patched by Microsoft as part of its June Patch Tuesday release.

“More details on CVE-2021-33742 will come from the team, but for context this seems to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting,” Shane Huntley wrote.

It’s worth noting that Microsoft’s June Patch Tuesday also includes fixes for two other Windows zero-days (CVE-2021-31955 and CVE-2021-31956) that were abused in attacks launched by a new threat actor dubbed PuzzleMaker.

The attacks were first discovered in April 2021 by researchers at Kaspersky and involved a zero-day exploit chain abusing a remote code execution vulnerability in the Google Chrome V8 JavaScript engine to access the targeted systems.

“Once the attackers have used both the Chrome and Windows exploits to gain a foothold in the targeted system, the stager module downloads and executes a more complex malware dropper from a remote server,” Kaspersky wrote in a blog post.

"This dropper then installs two executables, which pretend to be legitimate files belonging to Microsoft Windows OS. The second of these two executables is a remote shell module, which is able to download and upload files, create processes, sleep for certain periods of time, and delete itself from the infected system."

