Security News > 2021 > July > Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild
Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year.
What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks.
Both Chrome zero-days - CVE-2021-21166 and CVE-2021-30551 - are believed to have been used by the same actor, and were delivered as one-time links sent via email to targets located in Armenia, with the links redirecting unsuspecting users to attacker-controlled domains that masqueraded as legitimate websites of interest to the recipients.
The malicious websites took charge of fingerprinting the devices, including collecting system information about the clients, before delivering a second-stage payload. When Google rolled out a patch for CVE-2021-30551, Shane Huntley, Director of Google's Threat Analysis Group, revealed that the vulnerability was leveraged by the same actor that abused CVE-2021-33742, an actively exploited remote code execution flaw in Windows MSHTML platform that was addressed by Microsoft as part of its Patch Tuesday update on June 8.
Google did not disclose the identities of the exploit broker or the two threat actors that used the vulnerabilities as part of their attacks.
Attacks leveraging CVE-2021-1879, which Google attributed to a "Likely Russian government-backed actor," were executed by means of sending malicious links to government officials over LinkedIn that, when clicked from an iOS device, redirected the user to a rogue domain that served the next-stage payloads.
News URL
Related news
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- ⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
- Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-15 | CVE-2021-30551 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-06-08 | CVE-2021-33742 | Out-of-bounds Write vulnerability in Microsoft products Windows MSHTML Platform Remote Code Execution Vulnerability | 0.0 |
| 2021-04-02 | CVE-2021-1879 | Cross-site Scripting vulnerability in Apple Watchos This issue was addressed by improved management of object lifetimes. | 6.1 |
| 2021-03-09 | CVE-2021-21166 | Race Condition vulnerability in multiple products Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |