Fresh vulnerability in Chrome exploited to attack WeChat users in China

Fresh vulnerability in Chrome

The Record reports that the Chinese cybersecurity company Qingteng Cloud Security has detected attacks on WeChat users, in which is used a fresh vulnerability in Chrome. The attackers used an exploit published last week.

The attacks were extremely simple: malicious links were sent to Chinese WeChat users (only Windows versions of the application). If the user clicked on such a link, JavaScript code was run, which downloaded and executed the shellcode on the victim’s system.

The attackers are known to have used a PoC exploit for a fresh vulnerability in Chromium. Let me remind you that two such exploits were published on the network last week, and it is still unknown which of them we are talking about.

This was because the attackers re-purposed proof of concept code published on Twitter and GitHub last week for two separate bugs in the Chromium browser engine, which the WeChat Windows client is using to open and preview links without needing to open a separate browser.information security specialists from Qingteng Cloud Security say.

It should be said that currently both bugs have been fixed by Microsoft Edge, and only the first bug has been fixed in Chrome.

The fact is that WeChat also uses Chromium to open and preview links so as not to open a separate browser, which means it can be susceptible to both problems. And last week, researchers emphasized that their exploits are not able to escape the sandbox, but they can work with applications that use Chromium as a basis, without the sandbox.

Qingteng Cloud Security said it has already notified WeChat developer Tencent of the issue, and the company has rushed to integrate the latest Chromium security updates into its app.

The Chromium project has also released fixes to address both bugs, but the fixes are still making their way downstream to all apps that are using the browser engine.The Record journalists write.

Let me remind you that I wrote that Chrome frantically fixes 0-day vulnerabilities again.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *