Unknown Attacker Chains Chrome and Windows Zero-Days

Security researchers warn of a series of highly targeted attacks designed to compromise victim networks via Google Chrome and Microsoft Windows zero-day exploits.

The attackers are thought to have first exploited the now-patched CVE-2021-21224 remote code execution bug in Chrome.

“This vulnerability was related to a Type Mismatch bug in the V8 — a JavaScript engine used by Chrome and Chromium web-browsers,” explained Kaspersky. “It allows the attackers to exploit the Chrome renderer process: the processes that are responsible for what happens inside users’ tabs.”

The second stage was an elevation of privilege exploit linked to two separate vulnerabilities in the Microsoft Windows OS kernel. The first, CVE-2021-31955, can lead to the disclosure of sensitive kernel information, while the second, CVE-2021-31956, is a heap-based buffer overflow bug.

Kaspersky claimed that attackers CVE-2021-31956 alongside the Windows Notification Facility (WNF) to create arbitrary memory read/write primitives and execute malware modules with system privileges.

Once they’ve gained a foothold in victim networks by exploiting these three flaws, the stager modules execute a more sophisticated malware dropper from a remote server, which in turn installs to executables masquerading as legitimate Windows files.

One of these is a remote shell module designed to download and upload files, create processes, lie dormant for periods of time, and delete itself from the infected system, Kaspersky said.

Microsoft patche ..

Support the originator by clicking the read the rest link below.