Security News > 2021 > February > Google Chrome, Microsoft IE Zero-Days in Crosshairs
Google late Thursday night shipped an emergency patch to close a Chrome browser vulnerability that was being used in mysterious zero-day attacks.
The Google Chrome patch, which is being pushed via the browser's automatic self-patching, covers a critical vulnerability in V8, Google's JavaScript and WebAssembly engine.
The patch release comes amidst reports that a Google Chrome zero-day exploit was being used in the North Korean government-backed attacks against numerous researchers and personalities scattered across the offensive and defensive security space.
Beyond a blog post with the initial warning from its TAG, Google has been quiet on the possible use of a Chrome zero-day was used in the North Korean social-engineering campaign and whether this latest patch provides cover for that vulnerability.
Adding fuel to the fire, South Korean security vendor ENKI has published a claim that a Microsoft Internet Explorer browser zero-day may also be linked to the North Korean campaign.
Microsoft has itself documented its own findings on the North Korean hacks against white-hat researchers, threat intel professionals and offensive security professionals but Microsoft does not mention the use of an Internet Explorer zero-day.
News URL
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)