Unknown Attacker Chains Chrome and Windows Zero-Days

From infosecurity-magazine.com

Security researchers warn of a series of highly targeted attacks designed to compromise victim networks via Google Chrome and Microsoft Windows zero-day exploits.

The attackers are thought to have first exploited the now-patched CVE-2021-21224 remote code execution bug in Chrome.

“This vulnerability was related to a Type Mismatch bug in the V8 — a JavaScript engine used by Chrome and Chromium web-browsers,” explained Kaspersky. “It allows the attackers to exploit the Chrome renderer process: the processes that are responsible for what happens inside users’ tabs.”

Read more…