Remote code execution exploit

All of the observed attacks were conducted through the Chrome browser.
Both vulnerabilities were patched on June 8, 2021, as a part of the June Patch Tuesday. On April 20, 2021, we reported these vulnerabilities to Microsoft and they assigned CVE-2021-31955 to the information disclosure vulnerability and CVE-2021-31956 to the elevation of privilege vulnerability.
The elevation of privilege exploit was fine-tuned to work against the latest and most prominent builds of Windows 10 (17763 – RS5, 18362 – 19H1, 18363 – 19H2, 19041 – 20H1, 19042 – 20H2) and it exploits two distinct vulnerabilities in the Microsoft Windows OS kernel. While we were not able to retrieve the exploit used for remote code execution (RCE) in the Chrome web browser, we were able to find and analyze an elevation of privilege (EoP) exploit that was used to escape the sandbox and obtain system privileges. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. It is to Google’s credit that fixes for high-level attacks are consistently released within days of their discovery, but they are only effective if billions of users subsequently restart their browsers. On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Remember: after updating, you must restart your browser to be protected.
If the update is not yet available for your browser, make sure you check regularly for the new version. To check if you are protected, navigate to Settings > Help > About Google Chrome. Be warned, Google states that “this will roll out over the coming days/weeks” which means you may not be able to protect yourself immediately.
In response to these new threats, Google has released a major new update for Chrome, version. V8 is an open-source JavaScript engine which is used by Google Chrome and Chromium-based web browsers like Microsoft Edge, Opera, Amazon Silk, Brave, Yandex and Vivaldi. UAF vulnerabilities are memory-safety flaws that arise when a program fails to clear the pointer to memory after it is freed. Chrome V8 exploits have also been rife in 2021 along with heap buffer overflow flaws. Successful UAF exploits topped 10x in both September and October and have been the cause of several ‘zero-day’ hacks as well. These hacks follow a familiar pattern, with ‘Use-After-Free’ (UAF) exploits once more making up the majority of attacks. Reported by Sergei Glazunov of Google Project Zero on