Security News

Microsoft's Patch Tuesday announcement was bad enough, with six in-the-wild vulnerabilities patched, including one buried in the vestiges of Internet Explorer's MSHTML web rendering code. It's been followed by Google's latest Chrome security advisory, which includes a zero-day patch to Chrome's JavaScript engine amongst its 14 officially listed security fixes.

Google this week released patches for 14 vulnerabilities in the Chrome browser, including a security flaw that has been exploited in the wild. "Google is aware that an exploit for CVE-2021-30551 exists in the wild," the company said, without providing further technical details.

Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551. Google Chrome 91.0.4472.101 has started rolling out worldwide and will become available to all users over the next few days.

Microsoft on Tuesday released another round of security updates for Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack. The flaws were identified and resolved in Microsoft Windows,.

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June's Patch Tuesday addresses just 49 security holes - about half the normal number of vulnerabilities lately.

Microsoft has fixed 50 security vulnerabilities, six of which are actively exploited zero-days. On this June 2021 Patch Tuesday, Microsoft has splatted 5 critical and 45 important bugs.

"These attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for remote code execution in the Chrome web browser, we were able to find and analyze an elevation of privilege exploit that was used to escape the sandbox and obtain system privileges," Larin explained. According to Kaspersky, the two Windows flaws were chained to an exploit for a different Chrome vulnerability to plant high-end malware on specific targets running Windows.

Kaspersky security researchers discovered a new threat actor dubbed PuzzleMaker, who has used a chain of Google Chrome and Windows 10 zero-day exploits in highly-targeted attacks against multiple companies worldwide. The zero-day exploit chain deployed in the campaign used a remote code execution vulnerability in the Google Chrome V8 JavaScript engine to access the targeted systems.

Today is Microsoft's June 2021 Patch Tuesday, and with it comes fixes for seven zero-day vulnerabilities and a total of 50 flaws, so Windows admins will be scrambling to get devices secured. Microsoft has fixed 50 vulnerabilities with today's update, with five classified as Critical and forty-five as Important.

Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority network in April using a Pulse Secure zero-day. MTA mitigated the vulnerability on April 21, one day after Pulse Secure issued an advisory, and CISA published an alert on the Pulse Secure zero-day exploited in the attack.