Tag: Google | Page 9

Google Rolls Out Chrome Fix For First Chrome Zero-Day Exploit of 2024

January 17, 2024/in Internet Security

Google has recently addressed the first Chrome zero-day vulnerability exploited in the wild in the new year with security updates. The vulnerability, identified as CVE-2024-0519, is a high-severity issue related to an out-of-bounds memory access weakness in the Chrome V8 JavaScript engine. Attackers could exploit this vulnerability to gain unauthorized access to data beyond the memory buffer, potentially leading to exposure of sensitive information or causing a system crash.

What is a Zero Day Vulnerability?

A zero-day vulnerability refers to a security flaw in software or hardware that is actively exploited by attackers before the vendor or developer becomes aware of it. The term “zero-day” indicates that there are zero days of protection for users from the time the vulnerability is discovered by malicious actors until a fix or patch is made available.

Attacks on the real world

In response to reports of the CVE-2024-0519 exploit being used in real-world attacks, Google released security updates for users in the Stable Desktop channel. The patched versions were made available globally for Windows (120.0.6099.224/225), Mac (120.0.6099.234), and Linux (120.0.6099.224) users within a week of the vulnerability being reported to Google. Although the update may take some time to reach all impacted users, it was immediately accessible for manual installation, and Chrome users can also rely on the browser’s automatic update feature.

The vulnerability involves a situation where the expected sentinel is not located in the out-of-bounds memory, leading to excessive data being read. This can result in a segmentation fault or buffer overflow. MITRE explains that the product may modify an index or perform pointer arithmetic referencing a memory location outside the buffer boundaries, producing undefined or unexpected results. Besides unauthorized access to out-of-bounds memory, CVE-2024-0519 could be exploited to bypass protection mechanisms like ASLR, making it easier for attackers to achieve code execution through another weakness.

Google has not provided detailed information about the specific incidents where CVE-2024-0519 exploits were used. The company stated that access to bug details and…

Source…

Homeland Security warns federal agencies of hackers targeting Google Chrome, Excel spreadsheets

January 16, 2024/in Computer Security

The Cybersecurity and Infrastructure Security Agency, or CISA, is issuing a new warning: your Google Chrome browser and Excel spreadsheets could be at risk of an attack. The agency identified two new exploits that could give hackers easy access to your computer.

Federal agencies have until January 23 to make sure they’re protected. Here are some ways to make sure you’re protected too.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER

Homeland Security warns federal agencies of hackers targeting Google Chrome, Excel spreadsheets

Microsoft logo on keyboard (Kurt “CyberGuy” Knutsson)

Microsoft Excel’s new exploit

Hackers are targeting Microsoft Excel using a huge vulnerability in a library that reads Excel files. The bug is in a library called Spreadsheet::ParseExcel. It allows hackers to run malware remotely. Specifically, hackers can utilize a string in the library to run programs on your computer.

This exploit has popped up before. Security firm Barracuda noticed Chinese hackers using the exploit last month. They would create custom Excel attachments to exploit the bug and run any program they wanted to.

While Barracuda addressed this with a patch, they say open-source libraries could still be at risk. The company also issued a warning to anyone who uses Spreadsheet::ParseExcel, recommending they review the bug and take any necessary action.

Google Chrome browser on laptop (Kurt “CyberGuy” Knutsson)

MORE: THE 7 SIGNS YOU’VE BEEN HACKED

Google Chrome’s bug

Google’s eighth day zero attack comes in the form of an attack on an open-source project. WebRTC allows web browsers and mobile applications to communicate in real-time. However, hackers are using it to overload your browser and either cause it to crash or give them permission to do whatever they want. This exploit doesn’t just affect Google Chrome. It also affects other open-source web browsers using WebRTC to communicate. Google issued an emergency fix just last month, but there’s more you can do to protect yourself.

Four essential tips to secure your devices and data from hackers and scammers

To protect yourself from malicious hackers and scammers, we recommend you do the following four things.

1) Be cautious about using open-source…

Source…

Google Accounts Compromised Through Ingenious Malware Exploit

January 10, 2024/in Computer Security

In October 2023, security researchers at CloudSEK discovered a cyber threat that could compromise Google accounts through a sophisticated exploit.

The threat came to light when a hacker shared details about the exploit on a Telegram channel. The hacker’s post noted how cookies’ vulnerability could aid in breaching accounts.

Third-Party Cookies and the Vulnerability

These cookies, fundamental to website and browser functionality, were targeted by hackers seeking unauthorized access to private data. The exploit targeted Google authentication cookies, allowing perpetrators to bypass two-factor authentication.

The malware, discovered by CloudSEK, capitalizes on using third-party cookies to gain illicit access to users’ sensitive information. Google authentication cookies, designed to streamline user access without repetitive logins, became the focal point of the exploit.

By circumventing two-factor authentication, hackers could acquire these cookies, enabling continuous access to Google services even after users reset their passwords. The vulnerability highlights the intricacy and stealth of contemporary cyber-attacks, posing a significant challenge to digital security.

Being at the forefront of internet services, Google responded promptly to the threat. In an official statement, the tech giant reassured users that they routinely upgrade their defenses against such techniques to secure those who may fall victim to malware.

Additionally, Google emphasized the importance of users taking proactive steps, such as removing malware from their computers and enabling Enhanced Safe Browsing in Chrome. The latter is a feature designed to protect users against phishing attempts and malicious downloads.

As part of its commitment to user security, Google assured that any compromised accounts detected would be secured through appropriate actions.

The Complex Industry of Modern Cyber Threats

The CloudSEK researchers who uncovered this threat highlighted the complexity and stealth inherent in modern cyber-attacks.

In a blog post detailing the issue, Pavan Karthick M, a threat intelligence researcher at CloudSEK, emphasized how the exploit provided continuous access to Google…

Source…

Google Downplays Undocumented Chrome API Exploited by Malware to Extend Account Theft: Report

January 8, 2024/in Computer Security

Updated Jan 8, 2024, 07:45 AM IST

While Google downplays the severity, security experts raise alarms about the implications of this undocumented Chrome API vulnerability.

A simmering cyberwarfare saga just took a concerning turn, with researchers uncovering a novel technique employed by malware to prolong access to stolen Google accounts. While Google downplays the severity, security experts raise alarms about the implications of this undocumented Chrome API vulnerability.

Malware’s New Trick: In late November, reports emerged of malware like Lumma and Rhadamanthys reviving expired Google authentication cookies, essentially granting attackers persistent access to victims’ accounts. Now, this tactic has gained traction, with four more malware families including Stealc, Medusa, RisePro, and Whitesnake adopting the same method.

The Undocumented Weapon: The key to this extended breach lies in an obscure Google OAuth “MultiLogin” API endpoint, discovered by cybersecurity firm CloudSEK. This API, initially believed to sync accounts across Google services, seems vulnerable to manipulation.

Exploiting the Loophole: Researchers suspect malware abuses this API by stealing two crucial tokens from Chrome: regular authentication cookies and a special “Refresh” token. With the Refresh token, even after stolen cookies expire, the malware can generate new ones, perpetuating unauthorized access. This essentially extends the malware’s lifespan within targeted accounts.

Google’s Murky Response: BleepingComputer’s attempts to understand the MultiLogin API have been met with silence from Google. The only documentation exists within Chrome’s source code, leaving security experts and users in the dark about its intended purpose and potential vulnerabilities.

Concerns on the Rise: Security researchers like Pavan Karthick of CloudSEK are sounding the alarm. They highlight the ease with which malware exploits this undocumented API, granting attackers extended access to sensitive user data, including emails, documents, and contacts. Furthermore, the lack of transparency from Google regarding the purpose and security of this API only amplifies the concerns.

Beyond Technicalities: The…

Source…

Tag Archive for: Google

Microsoft Excel’s new exploit

Google Chrome’s bug

Four essential tips to secure your devices and data from hackers and scammers

1) Be cautious about using open-source…

Third-Party Cookies and the Vulnerability

The Complex Industry of Modern Cyber Threats

While Google downplays the severity, security experts raise alarms about the implications of this undocumented Chrome API vulnerability.