HomeWinBuzzer NewsGoogle Discloses Chrome Attacks Targeting Windows and Android

Google Discloses Chrome Attacks Targeting Windows and Android

Google Project Zero has detailed major exploits in the Chrome browser against Windows and Android that happened last year.

-

is this week warning of a major hacking operation that is targeting users on its own devices, and hardware running 's Windows platform. According to the company, threat actors initiated the attacks in early 2020 through two exploit servers.

Hackers were able to use vulnerabilities to deliver exploit chains in the form of watering hole attacks. This is a form of attack where the bad actor will monitor which sites and services a victim regularly uses and then attempt to infect one of them.

When the victim visits a regular website that is no infected, they too can be compromised by malware.

points out one server was targeting Windows and the other was targeting Android. Both exploit servers took advantage of vulnerabilities in the web browser. Project Zero charted the exploits through a six-blog post run this week.

Once an attacker infected a victim device, the browser would deploy OS-level exploits allowing the threat actor to gain more access and control. Google says the attack was achieved through a combination of zero-day and n-day exploits.

Exploits

Most people are familiar with zero-days, exploits that are previously unknown to developers. However, n-days are a little more obscure to the public. These are bugs that a company has previously patched but still have active exploits in the wild.

Google says the pair of exploit servers included the following:

  • Four “renderer” bugs in Google Chrome.
  • A pair of sandbox escape exploits.
  • A “privilege escalation kit”.

Included in those bugs were four zero-days for Windows. All bugs were patched early in 2020.

Project Zero says the bugs were sophisticated and capable of causing a lot of problems for infected devices:

“They are well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks,” Google said.

Tip of the day:

When you boot it delays the launch of startup programs for ten seconds so your desktop and Windows services will have finished loading. If you want to speed up boot time, have a look at our tutorial about how to disable startup delay.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News

Mastodon