QUOTE
Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year.
What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks. The list of now-patched vulnerabilities is as follows -
CVE-2021-1879: Use-After-Free in QuickTimePluginReplacement (Apple WebKit)
CVE-2021-21166: Chrome Object Lifecycle Issue in Audio
CVE-2021-30551: Chrome Type Confusion in V8
CVE-2021-33742: Internet Explorer out-of-bounds write in MSHTML
Both Chrome zero-days — CVE-2021-21166 and CVE-2021-30551 — are believed to have been used by the same actor, and were delivered as one-time links sent via email to targets located in Armenia, with the links redirecting unsuspecting users to attacker-controlled domains that masqueraded as legitimate websites of interest to the recipients.
https://thehackernews.com/2021/07/google-de...e-zero-day.html
Jul 16 2021, 03:30 AM, updated 5y ago