Urgent: New Chrome 0-Day Vulnerability Under Active Exploitation – Update Your Browser Immediately!

Google has released Chrome 89.0.4389.72 for Windows, Mac, and Linux just a month after fixing a previous actively exploited zero-day, and the new version closes another vulnerability that is already being exploited in the wild. The release carries 47 security fixes; the most serious, tracked as CVE-2021-21166, is described by Google only as an "object lifecycle issue in audio". It is one of two audio object lifecycle flaws reported by Alison Huffman of Microsoft Browser Vulnerability Research, this one on February 11 and the other on February 4. Whether the two are related is unclear, because Google has published few details; the company has confirmed that an exploit for CVE-2021-21166 exists in the wild but has said nothing further. Users should update without delay.


March 3, 2021

Google has released patches for a newly disclosed zero-day vulnerability in its Chrome browser that is being actively exploited, one month after fixing another actively exploited flaw in the same browser. The update, Chrome 89.0.4389.72, is available for Windows, Mac, and Linux and contains 47 security fixes. The most serious of them, assigned CVE-2021-21166, is described by Google only as an "object lifecycle issue in audio", the label it gives to memory-safety bugs in which an object is accessed outside its valid lifetime.

The flaw is one of two audio object lifecycle issues reported by Alison Huffman of Microsoft Browser Vulnerability Research. CVE-2021-21166 was reported on February 11; the second, also an object lifecycle issue in the audio component, was reported on February 4, the same day Google shipped the Chrome 88 update that fixed the previous zero-day. Google has published little about either bug, so whether the two are related is unknown, but it has confirmed that threat actors are exploiting CVE-2021-21166 in real-world attacks.

The advisory matters most to organizations that manage large fleets of browsers, because Chrome's market share makes any exploited Chrome bug a broadly applicable attack. Google has not published details of the bug or of the attacks, but an object lifecycle issue is a memory-safety bug, and bugs of this class in a browser are typically triggered simply by luring a user to a malicious or compromised web page, where they can lead to arbitrary code execution in the browser. That makes an unpatched browser an attractive initial-access vector, and whatever the attacker does next depends on what the compromised user can reach.

Mapped onto the MITRE ATT&CK framework, the most likely use of a bug like this is initial access by Drive-by Compromise (T1189) followed by Exploitation for Client Execution (T1203): the victim is drawn to an attacker-controlled page, whether by phishing, malicious advertising, or a compromised site they already visit, and the browser bug runs the attacker's code. Once code runs, the attacker can move on to persistence and other post-exploitation techniques. None of those later stages have been described for these attacks, so defenders should assume they are possible rather than wait for indicators.

Google's statement is that it is aware of reports that an exploit for CVE-2021-21166 exists in the wild; it has not said that the exploit is publicly available. The practical response is the same either way: update Chrome now. Desktop Chrome downloads updates automatically, but a new version only takes effect after a relaunch, so users should open chrome://settings/help (Help > About Google Chrome), let the update finish, and click Relaunch. Organizations should confirm through their endpoint inventory that every managed browser reports 89.0.4389.72 or later rather than assuming auto-update has completed, and should keep reminding users why browser updates are not optional.
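The inventory check described above, as an added example that is not part of the original article or of any Google tooling: it compares each host's reported Chrome version numerically against the fixed build 89.0.4389.72 and lists the hosts that still need the update. The hostnames and versions in the sample inventory are constructed for illustration, and the tab-separated "hostname, version" format is an assumption about how an endpoint-management export might look.

```python
"""Added example (not from the article): flag Chrome installs older than the
build that fixes CVE-2021-21166.  The inventory lines below are constructed;
a real deployment would read them from an endpoint-management export."""
from typing import Iterable, List, Tuple

# Stable build that fixes CVE-2021-21166, per Google's release note.
FIXED_VERSION = "89.0.4389.72"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted Chrome version string into a comparable tuple of ints.

    Chrome reports four components (MAJOR.MINOR.BUILD.PATCH).  A plain string
    comparison would rank "9.x" above "89.x", so the parts are compared as
    integers instead.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the installed build predates the fix and must be updated."""
    return parse_version(installed) < parse_version(fixed)


def hosts_needing_update(inventory: Iterable[str],
                         fixed: str = FIXED_VERSION) -> List[str]:
    """Return hostnames whose reported Chrome version is below the fix.

    Each inventory line is "hostname<TAB>chrome_version" (assumed format).
    Hosts with a missing or unparseable version are reported as well: an
    unknown version cannot be treated as patched.
    """
    needs_update = []
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        host, _, version = line.partition("\t")
        try:
            if is_vulnerable(version, fixed):
                needs_update.append(host)
        except ValueError:
            needs_update.append(host)  # unknown version: treat as unpatched
    return needs_update


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = """\
# host\tchrome_version
ws-finance-01\t88.0.4324.150
ws-finance-02\t89.0.4389.72
ws-hr-07\t89.0.4389.90
ws-dev-13\t89.0.4388.0
ws-legacy-01\tunknown
"""

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY.splitlines()):
        print(f"{host}: update Chrome to {FIXED_VERSION} or later")
```

On the sample data this reports ws-finance-01 (still on the Chrome 88 build), ws-dev-13 (a Chrome 89 build older than the fix), and ws-legacy-01 (no usable version). The version string to feed in is the one Chrome shows at chrome://version, or on Linux the output of `google-chrome --version`; whatever the collection method, treat a host that reports nothing as unpatched rather than dropping it from the list.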

In summary, the advisory is a reminder that keeping software current is a basic part of security hygiene. Business owners and IT professionals should prioritize rolling out this Chrome update and verifying that it has taken effect, so their environments are not exposed to exploitation of the newly disclosed zero-day. As the threat landscape continues to evolve, vigilance and proactive measures remain essential.
