Zero-days in Microsoft Windows and Chrome
As early as April, Kaspersky experts discovered a series of extremely targeted cyber attacks with exploits against several companies that were using previously undiscovered zero days for Google Chrome and Microsoft Windows. New threat actor PuzzleMaker is at work. Kaspersky has not yet been able to connect to known threat actors and therefore calls this new threat actor PuzzleMaker. One of the exploits was used to remotely execute code in the Chrome web browser, the other was used to elevate privilege and target the latest and most popular builds of Windows 10. The latter exploits two vulnerabilities in the Microsoft Windows operating system kernel: security vulnerability CVE-2021-31955 and the Elevation-of-Privilege security vulnerability ...