What is a Zero-Day Classification in Google?
A zero-day classification can be defined as a flaw exploited by hackers and also not found by Google. A fix or patch would not have been released yet for such a flaw. Google has already responded that such flaws are very dangerous, maybe more serious than the rest. The exploitation of such flaws by hackers in the wild is proven to be increasing day by day.
Usually, as soon as such a flaw is found out, an immediate patch or fix is released by Google in the form of an update for all Linux, macOS, and Windows users. Once a vulnerability is found out, it is usually released on the NVD (National Vulnerability Database).
Process of Zero-day Attack Targeting
Once an attacker becomes aware of a zero-day vulnerability, they need a delivery mechanism to reach the vulnerable system or exploit it. The most common method of getting in is through a socially engineered email. Such an email convinces the target to act on the behest of the attackers by downloading malicious content or entering sites that contain high risks. The end result is the targeted persons will be exploited.
The most recent zero-day vulnerabilities found by Google
Google announced out loud about finding and fixing 11 high severity vulnerabilities on 13th September. In this same announcement, a quote about finding 2 high-level zero-days was actually used by attackers to previously plant some malicious schemes. As a wall against this exploitation, a new update was released which included fixes and patches against all these vulnerabilities. The update was released on platforms Linux, macOS, and Windows. The version number is 93.0.4577.82.
The below mentioned are the latest discovered high-severity zero-days –
CVE – 2021-30632
Making use of this zero-day and with the help of a crafted HTML, the unknown attacker was able to exploit plenty of users.
CVE – 2021 – 30633
This particular zero-day was related to the Indexed DB API and was known as “Use after Free”.
By making use of this zero-day, the attacker who had compromised the process, with the help of a crafted HTML page, made a sandbox escape.
Checking the updated version of your browser (here, Chrome)
- Open the browser
- Click on the 3 tops at the right corner to access the settings.
- Find ‘About Chrome’ or the about info option of your browser.
Other Zero-Days Found this Year
This zero-day was related to Internet Explorer. In April 2021, Google’s TAG (threat analysis group) found a project targeting only Armenian users with affected or malicious documents that would load documents in internet explorer. In a further investigation, it was found that many documents were uploaded to Virustotal. This zero-day was fixed by Microsoft in June this year.
Discovered by TAG on 19th Mar 2021. This zero-day was interesting as it’s a vulnerability that didn’t require multiple chains. This campaign was run by attackers in such a way via social media platforms like LinkedIn or Facebook to target government officials from Western European Countries and make them fall into downloading malicious content or clicking on suspicious infected links.
The error was related to Webkit (Safari).
CVE-2021-21166 and CVE-2021-30551
These were linked to Chrome. The first was found in Feb 2021 and the second in June 2021. It has been noticed that both the zero-days were exploited by the same person or organization. These zero-days were exploited and the attackers targeted users who were all from Armenia. The attack was in such a way that emails were sent to the targets with infected links in order to make them access these links and thereby fall into the laid traps.
The moment the link is accessed, it would lead to a webpage that would blueprint the device and make the access better for the attacker to exploit info.
Further investigation led to a discovery that CVE-2021-21166 was linked to Webkit. This was resolved finally by Apple.
In the last few years, the number of zero-day exploitations has been reported a lot and it seems the increase is still in progress. Most of these zero-days found by Google’s TAG were developed by commercial providers and provided money to those having an influence in government.
Even though zero-days are more to be found in Chrome, it still remains the most downloaded and used browser followed by Edge and Brave.