
Google fixes sixth Chrome zero-day exploited in the wild this year


Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551.

Google Chrome 91.0.4472.101 has started rolling out worldwide and will become available to all users over the next few days.

Google Chrome will automatically attempt to update itself the next time you launch it, but you can perform a manual update by going to Settings > Help > ‘About Google Chrome’.

Google updated to version 91.0.4472.10
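A defender verifying the rollout across a fleet has to compare the installed build against 91.0.4472.101 numerically rather than as a string, because a plain string comparison gets the fourth component wrong. The following script is an added example, not code from Google or from the article; it assumes the fixed build number quoted above and, when run locally, that a Chrome or Chromium binary is on PATH (otherwise it simply exposes `is_patched` for callers).

```python
"""Check whether an installed Chrome build is at or past the fixed release.

Added example, not code from the original article or from Google. The
fixed build number comes from the article; the installed version is read
from `<browser> --version` when a Chrome/Chromium binary is on PATH, or
passed in explicitly by the caller.
"""
from __future__ import annotations

import re
import shutil
import subprocess

FIXED_VERSION = "91.0.4472.101"  # build that fixes CVE-2021-30551 (from the article)

_VERSION_RE = re.compile(r"(\d+(?:\.\d+){1,3})")


def parse_version(text: str) -> tuple[int, ...]:
    """Extract a dotted version from free text and return it as an int tuple.

    Accepts both a bare '91.0.4472.101' and the CLI banner
    'Google Chrome 91.0.4472.101'. Shorter versions are right-padded with
    zeros so that '91.0' compares equal to '91.0.0.0'.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))


def is_patched(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `installed` is the fixed build or a later one.

    Numeric comparison is the whole point: as plain strings,
    '91.0.4472.99' > '91.0.4472.101' because '9' > '1', which would
    wrongly report an older, still-vulnerable build as patched.
    """
    return parse_version(installed) >= parse_version(fixed)


def installed_chrome_version() -> str | None:
    """Return the local browser's version banner (Linux/macOS), or None if not found."""
    for exe in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        path = shutil.which(exe)
        if path:
            out = subprocess.run([path, "--version"], capture_output=True, text=True, timeout=10)
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    banner = installed_chrome_version()
    if banner is None:
        print("No Chrome/Chromium binary on PATH; pass a version string to is_patched()")
    else:
        status = "patched" if is_patched(banner) else f"VULNERABLE: update to {FIXED_VERSION}"
        print(f"{banner}: {status}")
```

On Windows the same `is_patched` check applies; the version there is easiest to read from the `Version` value under the Chrome `BLBeacon` registry key or from the executable's file properties, which this example leaves to the caller.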

Six Chrome zero-days exploited in the wild in 2021

Few details regarding today’s fixed zero-day vulnerability are currently available, other than that it is a type confusion bug in V8, Google’s open-source C++ JavaScript and WebAssembly engine.

The vulnerability was discovered by Sergei Glazunov of Google Project Zero and is being tracked as CVE-2021-30551.

Google states that they are “aware that an exploit for CVE-2021-30551 exists in the wild.”

Shane Huntley, Director of Google’s Threat Analysis Group, says that this zero-day was used by the same threat actors who exploited the Windows CVE-2021-33742 zero-day that Microsoft fixed yesterday.

Today’s update fixes Google Chrome’s sixth zero-day exploited in attacks this year, with the other five listed below:

  • CVE-2021-21148 – February 4th, 2021
  • CVE-2021-21166 – March 2nd, 2021
  • CVE-2021-21193 – March 12th, 2021
  • CVE-2021-21220 – April 13th, 2021
  • CVE-2021-21224 – April 20th, 2021

In addition to these vulnerabilities, news broke yesterday of a threat actor group known as Puzzlemaker that is chaining together Google Chrome zero-day bugs to escape the browser’s sandbox and install malware on Windows.

“Once the attackers have used both the Chrome and Windows exploits to gain a foothold in the targeted system, the stager module downloads and executes a more complex malware dropper from a remote server,” the researchers said.

Microsoft…

Source…

Former US Director of cybersecurity: Crypto ransomware ‘running wild’



Former Department of Homeland Security official Christopher Krebs called for greater governmental oversight of cryptocurrency in an interview yesterday, saying that anonymous payments are a threat “the average American is concerned about.” 

In an interview on Late Night with Bill Maher, Maher asked the former U.S. Cybersecurity & Infrastructure Security Agency director about his thoughts on Bitcoin.

“What’s gonna happen with Bitcoin? Where do you see that going? That’s in sort of your area, I see it bringing down civilization, but maybe I’m being anti-intellectual,” said Maher.

“Cryptocurrency is, as I see it, is one of the single enabling factors that has allowed cyber-criminals to deploy a massive amount of ransomware across our state and local agencies,” said Krebs. “It’s the anonymous payments, the ability to pay anonymously. And I think that is the cyber-threat that the average American is concerned about.”

Maher noted that 1600 schools have been hit with ransomware (citing a report from IBM), and Krebs added that there have also been attacks on “hospitals, and government agencies, I mean we had, Baltimore’s been hit twice, Atlanta, Mecklenburg county North Carolina, 23 counties in Texas, Louisiana’s been hit a couple times.”

“And they just want money. This isn’t anything sophisticated, this isn’t ideological,” Maher responded, comparing — puzzlingly — the ransomware attacks to the plot of the movie Die Hard. (Shortly after, Krebs incorrectly referred to the fictitious Nakatomi Plaza as “Nakasomi Tower”).

Krebs went on to warn of “bad guys” running wild if there are “no consequences.” He recommended “looking at” cryptocurrencies in exchange wallets, pressuring countries that cyber-criminals call home to crack down on illegal activities aimed at the U.S., and helping state and local governments improve their defenses.

Ransomware has been on the rise over the last few years, likely contributing to an image problem in the cryptocurrency space. One recent poll indicates that only 43% of respondents believe cryptocurrency is a valid form of payment, and another from 2020 shows that 90% of respondents are “worried” about…

Source…

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild



Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy Mirai variants on compromised systems.

“Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers,” Palo Alto Networks’ Unit 42 Threat Intelligence Team said in a write-up.

The rash of vulnerabilities being exploited include:

  • VisualDoor – a SonicWall SSL-VPN remote command injection vulnerability that came to light earlier this January
  • CVE-2020-25506 – a D-Link DNS-320 firewall remote code execution (RCE) vulnerability
  • CVE-2021-27561 and CVE-2021-27562 – two vulnerabilities in Yealink Device Management that allow an unauthenticated attacker to run arbitrary commands on the server with root privileges
  • CVE-2021-22502 – an RCE flaw in Micro Focus Operations Bridge Reporter (OBR), affecting version 10.40
  • CVE-2019-19356 – a Netis WF2419 wireless router RCE vulnerability, and
  • CVE-2020-26919 – a Netgear ProSAFE Plus RCE vulnerability

Also included in the mix are three previously undisclosed command injection vulnerabilities that were deployed against unknown targets, one of which, according to the researchers, has been observed in conjunction with MooBot.

The attacks are said to have been detected over a month-long period, from February 16 to as recently as March 13.

Regardless of the flaw used to achieve exploitation, the attack chain involves using the wget utility to download a shell script from the malware infrastructure, which is then used to fetch Mirai binaries. Mirai is a notorious malware family that turns networked IoT devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks.

Besides downloading Mirai, additional shell scripts have been spotted retrieving executables to facilitate brute-force attacks to break into vulnerable devices with weak passwords.
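The two-stage fetch described above (a downloader user agent retrieving a shell script, followed shortly by binaries from the same host) is a pattern a defender can look for in egress proxy or web-filter logs. The following detector is an added example, not code from Unit 42 or from the article; it assumes a combined-format access log with a user-agent field, and the sample lines, IP addresses and file names it carries are constructed for illustration, not indicators from the campaign.

```python
"""Flag the wget -> shell script -> binary download chain in proxy logs.

Added example, not code from Unit 42 or from the original article. It
assumes a combined-format egress/proxy log with a user-agent field; the
sample lines, addresses and paths below are constructed for illustration.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Combined log format: src ident user [timestamp] "METHOD URL PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
DOWNLOADER_UA = re.compile(r"^(Wget|curl)/", re.IGNORECASE)
WINDOW_SECONDS = 300  # follow-up binary fetches must land within this window

# Constructed sample log: one IoT device fetching a script and two binaries,
# a normal browser request, a lone curl of an installer script, and a 404.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Mar/2021:10:15:01 +0000] "GET http://203.0.113.5/bins/setup.sh HTTP/1.1" 200 612 "-" "Wget/1.20.3 (linux-gnu)"',
    '192.0.2.10 - - [13/Mar/2021:10:15:04 +0000] "GET http://203.0.113.5/bins/bot.mips HTTP/1.1" 200 71024 "-" "Wget/1.20.3 (linux-gnu)"',
    '192.0.2.10 - - [13/Mar/2021:10:15:06 +0000] "GET http://203.0.113.5/bins/bot.arm7 HTTP/1.1" 200 68210 "-" "Wget/1.20.3 (linux-gnu)"',
    '192.0.2.20 - - [13/Mar/2021:10:16:00 +0000] "GET http://example.net/index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.30 - - [13/Mar/2021:10:17:00 +0000] "GET http://mirror.example.org/install.sh HTTP/1.1" 200 900 "-" "curl/7.68.0"',
    '192.0.2.10 - - [13/Mar/2021:10:15:02 +0000] "GET http://203.0.113.5/bins/other.sh HTTP/1.1" 404 0 "-" "Wget/1.20.3 (linux-gnu)"',
]


def parse_line(line: str) -> dict | None:
    """Parse one combined-format line into a record, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["url"])
    return {
        "src": m["src"],
        "time": datetime.strptime(m["ts"], TS_FMT),
        "host": url.hostname,
        "path": url.path,
        "status": int(m["status"]),
        "ua": m["ua"],
    }


def find_download_chains(lines: list[str]) -> list[dict]:
    """Return one finding per (source, script) where a wget/curl fetch of a .sh
    file was followed within WINDOW_SECONDS by non-script downloads from the
    same host. Only successful (200) fetches count; a lone script download
    with no follow-up is deliberately not flagged, since package installers
    produce that on their own."""
    by_src: dict[str, list[dict]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["status"] == 200:
            by_src[rec["src"]].append(rec)

    findings = []
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["time"])
        for i, rec in enumerate(recs):
            if not (DOWNLOADER_UA.match(rec["ua"]) and rec["path"].endswith(".sh")):
                continue
            payloads = [
                r["path"] for r in recs[i + 1:]
                if r["host"] == rec["host"]
                and not r["path"].endswith(".sh")
                and (r["time"] - rec["time"]).total_seconds() <= WINDOW_SECONDS
            ]
            if payloads:
                findings.append({"src": src, "stager_host": rec["host"],
                                 "script": rec["path"], "payloads": payloads})
    return findings


if __name__ == "__main__":
    for f in find_download_chains(SAMPLE_LOG):
        print(f"{f['src']} fetched {f['script']} from {f['stager_host']} then {f['payloads']}")
```

The window and the "same host" condition are the tunable parts: widen the window if the stager sleeps between fetches, and drop the host match if the binaries are served from a different host than the script, at the cost of more noise from legitimate installers.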

“The IoT realm remains an easily accessible target for attackers. Many vulnerabilities are very easy to exploit and could, in some cases, have catastrophic consequences,” the researchers said.

New ZHtrap Botnet…

Source…

Google discloses Windows zero-day exploited in the wild



Security researchers from Google today disclosed a zero-day vulnerability in the Windows operating system that is currently under active exploitation.

The zero-day is expected to be patched on November 10, which is the date of Microsoft’s next Patch Tuesday, according to Ben Hawkes, team lead for Project Zero, Google’s elite vulnerability research team.

On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with a Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week.

The Chrome zero-day was used to allow attackers to run malicious code inside Chrome, while the Windows zero-day was the second part of this attack, allowing threat actors to escape Chrome’s secure container and run code on the underlying operating system — in what security experts call a sandbox escape.

The Google Project Zero team notified Microsoft last week and gave the company seven days to patch the bug. Details were published today, as Microsoft did not release a patch in the allotted time.

Windows 7 to Windows 10 are impacted

According to Google’s report, the zero-day is a bug in the Windows kernel that can be exploited to run an attacker’s code with elevated privileges.

Per the report, the vulnerability impacts all Windows versions between Windows 7 and the most recent Windows 10 release.

Proof-of-concept code to reproduce the attack was also included.

Hawkes did not provide details about who was using these two zero-days. Most zero-days are typically discovered by state-sponsored hacking groups or large cybercrime groups.

Per the same Google report, the attacks were also confirmed by a…

Source…