Zero-days in Microsoft Windows and Chrome used in a series of highly targeted attacks ilonggotechblog.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from ilonggotechblog.com Daily Mail and Mail on Sunday newspapers.
In April, Kaspersky experts discovered a number of highly targeted attacks against multiple companies utilising a previously undiscovered chain of Google Chrome and Microsoft Windows zero-day exploits. One of the exploits was used for remote code execution in the Chrome web browser, while the other was an elevation of privilege exploit fine-tuned to target the […]
Researchers failed to find an exploit used for remote code execution (RCE) in Chrome but found and analyzed an elevation-of-privilege exploit used to escape the sandbox and obtain system privileges.
As researchers didn t find the RCE in Chrome, they looked elsewhere and discovered a possible candidate. On April 12, Chromium developers committed two (issue 1196683, issue 1195777) Typer-related bug fixes to the open source repository of V8 a JavaScript engine used by Chrome and Chromium web browsers. This was after a team in a Pwn2Own competition demonstrated successful exploitation of the Chrome renderer process using a Typer Mismatch bug. One of these bug fixes (issue 1196683) was intended to patch a vulnerability that was used during Pwn2Own, and both bug fixes were committed together with regression tests – JavaScript files to trigger these vulnerabilities, said researchers.