Attackers exploit zero-day flaws in Chrome, Safari and Internet Explorer
Houston, TX, USA, 11/09/2021 / Action1 /
Threat Analysis Group Uncovers 0-Day Flaw Attacks in Chrome, Safari and Internet Explorer
The Threat Analysis Group (TAG) — a Google department designed to identify cyberthreats — has uncovered two 0-day exploits of vulnerabilities in Google Chrome in 2021, as well as one each in Microsoft’s Internet Explorer and Apple’s Safari. These four separate incidents were identified between February and June of this year.
A 0-day vulnerability refers to any security flaw that the software vendor is aware of but has not yet implemented a patch to fix. Cybercriminals and nefarious actors can exploit these vulnerabilities, using fraudulent links or other techniques in browsers such as Internet Explorer or Chrome to attack users. As the vulnerabilities are unpatched, these attacks can be particularly damaging to web users.
How 0-Day Flaws Put Users at Risk
TAG found that Chrome vulnerabilities had been exploited when one-time links were delivered to the target email. These links directed the user to a website that appeared to be legitimate but was, in fact, controlled by the attacker.
Upon accessing the fraudulent website, the user’s device was fingerprinted and a range of data was captured — including timezone information, language, browser plugins and data on available MIME types. While this information may not be as sensitive as financial data or personal ID info, it provides cybercriminals with the insight they need to possibly launch a follow-up attack on the user’s device.
A Growing Problem, Year on Year
TAG security researchers Maddie Stone and Clement Lecigne explained that these high-profile attacks were not isolated incidents. By June of this year, there had already been 33 0-day exploits reported in 2021 — 11 more than the total number of exploits reported in the entirety of 2020. This shows that attackers are aware of such vulnerabilities and are willing to exploit them to their own ends.
The Chrome, Safari and Internet Explorer exploits demonstrate that even trusted tech partners and providers are not immune to such vulnerabilities. Meanwhile, the dramatic rise in the number of attacks across the year so far tells us that the problem is not only increasing but is intensifying. The implementation of patch management systems — coupled with a proactive and positive stance towards identifying vulnerabilities and threats — is key to combating this significant issue.
Protecting Systems and Users with Action1
At Action1, we provide patch management systems and remote monitoring and management software designed to keep organizations and their users safe from harm. Reach out to our team to discover more.
There is no offer to sell, no solicitation of an offer to buy, and no recommendation of any security or any other product or service in this article. Moreover, nothing contained in this PR should be construed as a recommendation to buy, sell, or hold any investment or security, or to engage in any investment strategy or transaction. It is your responsibility to determine whether any investment, investment strategy, security, or related transaction is appropriate for you based on your investment objectives, financial circumstances, and risk tolerance. Consult your business advisor, attorney, or tax advisor regarding your specific business, legal, or tax situation.