The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Google Chrome

Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content

Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content

September 02, 2022Ravie Lakshmanan
A "major" security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them. The clipboard poisoning attack is said to have been accidentally introduced in Chrome version 104, according to developer Jeff Johnson. While the problem exists in Apple Safari and Mozilla Firefox as well, what makes the issue severe in Chrome is that the requirement for a user gesture to copy content to the clipboard is currently broken. User gestures include selecting a piece of text and pressing Control+C (or ⌘-C for macOS) or selecting "Copy" from the context menu. "Therefore, a gesture as innocent as clicking on a link or pressing the arrow key to scroll down the page gives the website permission to overwrite your system clipboard," Johnson  noted . The ability to substitute clipboard data poses se
Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

August 31, 2022Ravie Lakshmanan
Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit off retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole  said . "The latter borrows several phrases from another popular extension called GoFullPage." The browser add-ons in question – available via the Chrome Web Store and downloaded 1.4 million times – are as follows - Netflix Party (mmnbenehknklpbendgmgngeaignppnbe) - 800,000 downloads Netflix Party (flijfnhifgdcbhglkneplegafminjnhn) - 300,000 downloads Full Page Screenshot Capture – Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) - 200,000 downloads AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed) - 20,000 downloads The extensions are designed to load a pi
New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

August 17, 2022Ravie Lakshmanan
Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as  CVE-2022-2856 , the issue has been described as a case of insufficient validation of untrusted input in  Intents . Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022. As is typically the case, the tech giant has refrained from sharing additional specifics about the shortcoming until a majority of the users are updated. "Google is aware that an exploit for CVE-2022-2856 exists in the wild," it  acknowledged  in a terse statement. The latest update further addresses 10 other security flaws, most of which relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads. The development marks the fifth zero-day vulnerab
Malicious Browser Extensions Targeted Over a Million Users So Far This Year

Malicious Browser Extensions Targeted Over a Million Users So Far This Year

August 17, 2022Ravie Lakshmanan
More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. "From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons," the company  said . As many as 1,311,557 users fall under this category in the first half of 2022, per Kaspersky's telemetry data. In comparison, the number of such users peaked in 2020 at 3,660,236, followed by 1,823,263 unique users in 2021. The most prevalent threat is a family of adware called WebSearch, which masquerade as PDF viewers and other utilities, and comes with capabilities to collect and analyze search queries and redirect users to affiliate links. WebSearch is also notable for modifying the browser's start page, which contains a search engine and a number of links to third-party sour
Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists

Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists

July 22, 2022Ravie Lakshmanan
The actively exploited but now-fixed Google Chrome zero-day flaw that came to light at the start of this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to  Candiru  (aka Saito Tech), which has a history of  leveraging previously unknown flaws  to deploy a Windows malware dubbed DevilsTongue , a modular implant with  Pegasus -like capabilities. Candiru, along with NSO Group, Computer Security Initiative Consultancy PTE. LTD., and Positive Technologies, were  added to the entity list  by the U.S. Commerce Department in November 2021 for engaging in "malicious cyber activities." "Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties," security researcher Jan Vojtěšek, who reported the discovery of the flaw,  said  in a write-up. "We believe the attacks were highly targeted."
Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

July 05, 2022Ravie Lakshmanan
Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as  CVE-2022-2294 , relates to a heap overflow flaw in the  WebRTC  component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps. Heap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the  heap area of the memory , leading to arbitrary code execution or a denial-of-service (DoS) condition. "Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code," MITRE  explains . "When the consequence is arbitrary code execution, this can often be used to subvert any other security service." Credited with reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Thre
New Emotet Variant Stealing Users' Credit Card Information from Google Chrome

New Emotet Variant Stealing Users' Credit Card Information from Google Chrome

June 09, 2022Ravie Lakshmanan
Image Source: Toptal The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control (C2) servers, according to enterprise security company  Proofpoint , which observed the component on June 6. The development comes amid a  spike  in  Emotet   activity  since it was resurrected late last year following a 10-month-long hiatus in the wake of a law enforcement operation that  took down its attack infrastructure  in January 2021. Emotet, attributed to a threat actor known as TA542 (aka Mummy Spider or Gold Crestwood), is an advanced, self-propagating and modular trojan that's delivered via email campaigns and is used as a distributor for other payloads such as ransomware. As of April 2022, Emotet is still the most popular malware with a global impac
Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal

Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal

April 26, 2022Ravie Lakshmanan
Security researchers have disclosed a security issue that could have allowed attackers to weaponize the VirusTotal platform as a conduit to achieve remote code execution (RCE) on unpatched third-party sandboxing machines employed antivirus engines. The flaw, now patched, made it possible to "execute commands remotely within [through] VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da Silva said in a report exclusively shared with The Hacker News. VirusTotal , part of Google's Chronicle security subsidiary, is a malware-scanning service that analyzes suspicious files and URLs and checks for viruses using more than 70 third-party antivirus products. The attack method involved uploading a DjVu file via the platform's web user interface that when passed to multiple third-party malware scanning engines could trigger an exploit for a high-severity remote code execution flaw in ExifTool , an op
'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks

'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks

March 28, 2022Ravie Lakshmanan
The operators of the  Purple Fox malware  have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers  said  in a report published on March 25, 2022. "The installers are actively distributed online to trick users and increase the overall botnet infrastructure." The findings follow  prior research  from Minerva Labs that shed light on a similar modus operandi of leveraging fraudulent Telegram applications to distribute the backdoor. Other disguised software installers include WhatsApp, Adobe Flash Player, and Google Chrome. These packages act as a first-stage loader, triggering an infection sequence that leads to the deployment of a second-stage payload from a remote server and culminating in the
North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

March 25, 2022Ravie Lakshmanan
Google's Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. The campaigns, once again "reflective of the regime's immediate concerns and priorities," are said to have targeted U.S. based organizations spanning news media, IT, cryptocurrency, and fintech industries, with one set of the activities sharing direct infrastructure overlaps with previous attacks  aimed at security researchers  last year. The shortcoming in question is  CVE-2022-0609 , a use-after-free vulnerability in the browser's Animation component that Google addressed as part of updates (version 98.0.4758.102) issued on February 14, 2022. It's also the first zero-day flaw patched by the tech giant since the start of 2022. "The earliest evidence we have of this exploit kit being actively deploy
New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP!

New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP!

February 15, 2022Ravie Lakshmanan
Google on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that's being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022. The shortcoming, tracked  CVE-2022-0609 , is described as a  use-after-free  vulnerability in the Animation component that, if successfully exploited, could lead to corruption of valid data and the execution of arbitrary code on affected systems. "Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild," the company  said  in a characteristically brief statement acknowledging active exploitation of the flaw. Credited with discovering and reporting the flaw are Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group (TAG). Also addressed by Google four other use-after-free flaws impacting File Manager, Webstore API,  ANGLE , and GPU, a heap buffer overflow bug in Tab Groups, an inte
Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild

Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild

December 14, 2021Ravie Lakshmanan
Google has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the  17th such weakness  to be disclosed since the start of the year. Tracked as  CVE-2021-4102 , the flaw relates to a  use-after-free bug  in the V8 JavaScript and WebAssembly engine, which could have severe consequences ranging from corruption of valid data to the execution of arbitrary code. An anonymous researcher has been credited with discovering and reporting the flaw. As it stands, it's not known how the weakness is being abused in real-world attacks, but the internet giant issued a terse statement that said, "it's aware of reports that an exploit for CVE-2021-4102 exists in the wild." This is done so in an attempt to ensure that a majority of users are updated with a fix and prevent further exploitation by other threat actors. CVE-2021-4102 is the second use-after-free vulnerability in V8 the comp
New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions

New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions

December 03, 2021Ravie Lakshmanan
A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well as maintaining persistent remote access. Cisco Talos attributed the malware payloads to an unknown actor that goes by the alias " magnat ," noting that "these two families have been subject to constant development and improvement by their authors." The attacks are believed to have commenced in late 2018, with intermittent activity observed towards the end of 2019 and through early 2020, followed by fresh spikes since April 2021, while mainly singling out users in Canada, followed by the U.S., Australia, Italy, Spain, and Norway. A noteworthy aspect of the intrusions is the use of malvertising as a means to strike individua
Ad-Blocking Chrome Extension Caught Injecting Ads in Google Search Pages

Ad-Blocking Chrome Extension Caught Injecting Ads in Google Search Pages

October 15, 2021Ravie Lakshmanan
A new deceptive ad injection campaign has been found leveraging an ad blocker extension for Google Chrome and Opera web browsers to sneakily insert ads and affiliate codes on websites, according to new research from cybersecurity firm Imperva. The findings come following the discovery of rogue domains distributing an ad injection script in late August 2021 that the researchers connected to an add-on called AllBlock. The  extension  has since been pulled from both the Chrome Web Store and Opera add-ons marketplaces. While AllBlock is designed to block ads legitimately, the JavaScript code is injected into every new tab opened on the browser. It works by identifying and sending all links in a web page — typically on search engine results pages — to a remote server, which responds back with a list of websites to replace the genuine links with, leading to a scenario where upon clicking a link, the victim is redirected to a different page. "When the user clicks on any modified li
Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws

Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws

October 01, 2021Ravie Lakshmanan
Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone. The issues, designated as  CVE-2021-37975 and CVE-2021-37976 , are part of a total of four patches, and concern a  use-after-free flaw  in V8 JavaScript and WebAssembly engine as well as an information leak in core. As is usually the case, the tech giant has refrained from sharing any additional details regarding how these zero-day vulnerabilities were used in attacks so as to allow a majority of users to be updated with the patches, but noted that it's aware that "exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild." An anonymous researcher has been credited with reporting CVE-2021-37975. The discovery of CVE-2021-37976, on the other hand, involves Clément Lecigne from Google Threat Analysis Group, who was al
Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability

Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability

September 25, 2021Ravie Lakshmanan
Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as  CVE-2021-37973 , the vulnerability has been described as  use after free  in  Portals API , a web page navigation system that enables a page to show another page as an inset and "perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document." Clément Lecigne of Google Threat Analysis Group (TAG) has been credited with reporting the flaw. Additional specifics pertaining to the weakness have not been disclosed in light of active exploitation and to allow a majority of the users to apply the patch, but the internet giant said it's "aware that an exploit for CVE-2021-37973 exists in the wild." The update arrives a day after Apple moved to close an actively exploited security hole in older versions of iOS and macOS ( CVE-2021-30869 ), which the TAG no
Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack

September 14, 2021Ravie Lakshmanan
Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as  CVE-2021-30632  and  CVE-2021-30633 , the  vulnerabilities  concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant crediting anonymous researchers for reporting the bugs on September 8. As is typically the case, the company said it's "aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild" without sharing additional specifics about how, when, and where the vulnerabilities were exploited, or the threat actors that may be abusing them. With these two security shortcomings, Google has addressed a total of 11 zero-day vulnerabilities in Chrome since the start of the year — CVE-2021-21148  - Heap buffer overflow in V8 CVE-2021-21166  - Object recycle issue in audio CVE-2021-21193  -
New SpookJS Attack Bypasses Google Chrome’s Site Isolation Protection

New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection

September 13, 2021Ravie Lakshmanan
A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome  Site Isolation protections  weaved into Google Chrome and Chromium browsers and leak sensitive data in a  Spectre-style   speculative execution  attack. Dubbed " Spook.js " by academics from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv University, the technique is a  JavaScript-based line of attack  that specifically aims to get around barriers Google put in place to potentially prevent leakage by ensuring that content from different domains is not shared in the same address space after Spectre and Meltdown vulnerabilities came to light in January 2018. "An attacker-controlled webpage can know which other pages from the same websites a user is currently browsing, retrieve sensitive information from these pages, and even recover login credentials (e.g., username and password) when they are autofilled,
Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

July 23, 2021Ravie Lakshmanan
A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics." XCSSET was  uncovered  in August 2020, when it was found targeting Mac developers using an unusual means of distribution that involved injecting a malicious payload into Xcode IDE projects that's executed at the time of building project files in Xcode. The malware comes with numerous capabilities, such as reading and dumping Safari cookies, injecting malicious JavaScript code into various websites, stealing information from applications, such as Notes, WeChat, Skype, Telegram, and encrypting user files. Earlier this April, XCSSET  received an upgrade  that enabled the malware authors to target macOS 11 Big Sur as well as Macs running on M1 chipsets by circumventing new sec
Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild

Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild

July 16, 2021Ravie Lakshmanan
Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild. The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine ( CVE-2021-30563 ). The search giant credited an anonymous researcher for reporting the flaw on July 12. As is usually the case with actively exploited flaws, the company issued a terse statement acknowledging that "an exploit for CVE-2021-30563 exists in the wild" while refraining from sharing full details about the underlying vulnerability used in the attacks due to its serious nature and the possibility that doing so could lead to further abuse. CVE-2021-30563 also marks the ninth zero-day addressed by Google to combat real-world attacks against Chrome users since the start of the year — CVE-2021-21148  - Heap buffer overflow in V8 CVE-2021-21166  - Obje
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.