Since the start of 2021, attackers have been trying to exploit vulnerabilities in well-known web browsers such as Google Chrome, Safari and Internet Explorer. In this article, we discuss the zero-day exploits in Chrome, Safari and Internet Explorer detailed by Google.
Though this may not sound like a big deal at first, read on to learn about some of the dark sides of the internet era we live in.
Uncovering The Exploits
On June 16, 2021, Google's Threat Analysis Group (TAG) discovered the zero-day vulnerability and exposed it. To be precise, four zero-day vulnerabilities exploited in the wild have been exposed. The CVE identifiers of the discovered vulnerabilities are listed below.
- CVE-2021-21166 and CVE-2021-30551 in Chrome,
- CVE-2021-33742 in Internet Explorer, and
- CVE-2021-1879 in WebKit (Safari)
It is a relief that these exploits have now been patched. The TAG team discovered the remote code execution zero-day exploit CVE-2021-21166 in February 2021, while CVE-2021-30551, also a remote code execution zero-day exploit, was found in June 2021. According to the TAG team, both exploits were used by the same actor.
How Did the Zero-Day Exploits in Chrome, Safari and Internet Explorer Take Place?
TAG says that both Google Chrome exploits were delivered by the same sender as links in emails. When the user clicks the malicious link, they are redirected to a mimicked version of the original site that is controlled by the attacker and designed specifically for the targeted user.
When the user visits the malicious site, it immediately starts collecting the user's system information and generates ECDH keys to encrypt the exploit. Finally, this data is sent back to the exploit server. The exploit was planned to be launched against the release versions of Google Chrome on Windows machines, but Google TAG patched it beforehand.
The process above determines whether or not you should be a victim of the exploit. If you are, your system information, such as the OS build version, CPU, firmware and BIOS information, is collected, along with an attempt to detect virtual machines, in order to launch the payload on the victim's machine.
The Threat Analysis Group also found this same vulnerability in both the Safari and Internet Explorer browsers, but they are now patched.
Who is Behind the Zero-Day Exploits in Chrome, Safari and Internet Explorer?
It is being said that two of the Google Chrome vulnerabilities were engineered by commercial providers and are used by Russian government-backed attackers.
If you want to know more about this vulnerability, read Google's post "How we protect users from 0-day attacks".