Items tagged with 0-day

Issues within Chromium, the engine behind Google Chrome and Microsoft Edge, have been popping up left and right lately. That trend is not set to end any time soon, it seems, as a new zero-day Chromium vulnerability has been found with a working proof of concept posted to GitHub. Yesterday, Twitter user Frust posted that they were “Just here to drop a chrome 0day,” along with a link to the GitHub hosting the information. The GitHub repository currently contains a proof-of-concept webpage that will exploit the flaw within Chromium. This flaw was demonstrated in a YouTube video that we posted below, showing proof-of-concept working in the latest version of Chrome. The only major catch... Read more...
Google’s Project Zero team, which is tasked with discovering 0-day vulnerabilities, has uncovered an exploit in the Windows kernel that can lead to sandbox escape or privilege escalation. The bug, given CVE-2020-17087, is of the buffer overflow type in the Windows Kernel Cryptography Driver (CNG.sys) and is being actively exploited. Thankfully, this exploit is targeted and is not related to any U.S. election hacking, which could become more prevalent in the coming days. Last week, the Project Zero team discovered an exploit in Google Chrome and Chrome OS. Around the same time, they found the Windows Kernel bug, and it was “subject to a 7-day disclosure deadline.” It was subject... Read more...
Zero-day exploits are a nightmare for end-users and vendors alike as both groups have to scramble to patch and resolve problems. Today, Microsoft got tagged with one of the worst types of disclosures -- not only is there a vulnerability in every single shipping version of Windows, the vulnerability has been exploited for years by a team of Russian hackers, codenamed Sandworm. According to the iSight Partners, the Sandworm Team has been caught seeking data on the Ukrainian crisis (further undercutting the idea that the crisis in that state was anything but a Russian operation -- if such evidence were still needed), data on Western European governments, and other issues related to diplomacy, telecommunications,... Read more...