Kaspersky trio spots Vista-era zero-days exploited through Chrome Wednesday, 09 June 2021 10:43 Kaspersky trio spots Vista-era zero-days exploited through Chrome Featured Pixabay
Global security firm Kaspersky has revealed that targeted attacks against a number of companies, which it noticed in April, initially used a vulnerability in Google s Chrome browser and then linked this to two zero-days in the Microsoft Windows 10 kernel.
Researchers Costin Raiu, Boris Larin and Alexey Kulaev said in
a detailed blog post that they had been unable to find the exploit used for remotely exploiting Chrome.
This is not surprising as Google s Project Zero team has rarely revealed full details about zero-days in its own products.
iTWire - Zero-day in Google s Chrome browser released on Twitter itwire.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from itwire.com Daily Mail and Mail on Sunday newspapers.
Chrome, Edge users told not to overly panic over one-day bug Wednesday, 14 April 2021 10:33 Chrome, Edge users told not to overly panic over one-day bug
Shares Image by Deepanker Verma from Pixabay
Users of the Google Chrome and Microsoft Edge browsers have been told that they need not hold too many fears over a one-day vulnerability in the V8 JavaScript engine used by the two applications, but should still patch as and when patches were made available.
The
bug was disclosed on Twitter by an Indian researcher, Rajvardhan Agarwal, on Tuesday. Edge is based on the engine in Google s open-source Chromium browser.
Chrome Zero-Day Exploit Posted on Twitter threatpost.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from threatpost.com Daily Mail and Mail on Sunday newspapers.
The exploit came barely a day after another researcher at Pwn2Own demonstrated code execution on Microsoft Teams, which, like Zoom, has seen a surge in use since the global COVID-19 pandemic forced an increase in remote work at many organizations. The two exploits and several others against Microsoft Exchange Server, Windows 10, and other technologies have served as a further reminder of just how vulnerable some core enterprise software and communication products are to modern attacks. One of the biggest trends we see is that the participants continue to evolve and adapt to the targets, says Brian Gorenc, senior director of vulnerability research and head of ZDI at Trend Micro, which organizes the event each year. Even as vendors make exploitation more difficult, contestants find a path to win.