As Tenable reports, a zero-day vulnerability has been found in Google's Chrome browser. Targeted attacks are expected, albeit mainly against individuals, such as journalists, in the Middle East. The vulnerabilities are nevertheless by no means harmless. A comment by James Sebree, Senior Staff Research Engineer at Tenable.
As early as 22.07.2022, several reports were published about a zero-day vulnerability in Google Chrome (and possibly Edge and Safari) that was exploited to attack journalists in the Middle East. Security company Avast linked the vulnerability to Candiru. Candiru has in the past exploited previously unknown vulnerabilities to install Windows malware called DevilsTongue.
Exploit is very targeted
A watering hole technique is used to create a profile of the victim's browser, which includes details such as language, time zone, screen information, device type, browser plugins, referrers, and device memory, among others. Avast determined that the information was collected to ensure that the exploit is only delivered to the intended targets. If the collected data is considered valuable by the hackers, the zero-day exploit is transmitted to the victim's computer via an encrypted channel.
“The vulnerabilities discovered here are definitely serious, especially because they are so widespread in terms of the number of products affected. Most modern desktop browsers, mobile browsers, and any other product that uses vulnerable WebRTC components are affected. If successfully exploited, an attacker could run their own malicious code on a given victim's computer and install malware, spy on the victim, steal information, or perform any other criminal activity.
Businesses should patch pre-emptively
However, it is unlikely that we will see any general or public exploits for this vulnerability. The main vulnerability CVE-2022-2294 is a heap overflow, which is usually difficult to exploit due to the security features of most modern operating systems. All attacks that exploit this vulnerability are obviously highly targeted. While it is unlikely that widespread attacks will occur that exploit this vulnerability, the probability is not zero and organizations must deploy appropriate patches,” said James Sebree, senior staff research engineer at Tenable.
About Tenable
Tenable is a Cyber Exposure company. Over 24,000 companies worldwide trust Tenable to understand and reduce cyber risk. The inventors of Nessus have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.