Mar 25 2022

Chrome emergency update fixes actively exploited a zero-day bug

Category: Web SecurityDISC @ 2:39 pm

Google addresses an actively exploited zero-day flaw with the release of Chrome 99.0.4844.84 for Windows, Mac, and Linux.

Google fixed an actively exploited high-severity zero-day vulnerability with the release of Chrome 99.0.4844.84 for Windows, Mac, and Linux.

Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug, tracked as CVE-2022-1096, exploited in the wild.

The CVE-2022-1096 vulnerability is a Type Confusion in V8 JavaScript engine, the bug was reported by an anonymous on 2022-03-23.

“The Stable channel has been updated to 99.0.4844.84 for Windows, Mac and Linux which will roll out over the coming days/weeks.” reads the security advisory published by Google.

“Google is aware that an exploit for CVE-2022-1096 exists in the wild.”

At this time, Google has yet to publish technical details about the flaw ether how it was exploited by threat actors in the wild.

Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” continues the advisory.

 is the second zero-day vulnerability addressed by the IT giant this year in Chrome. In February Google fixed a high-severity zero-day flaw, tracked as , which was actively exploited. Google released a Chrome emergency update for Windows, Mac, and Linux to fix the  bug.

The CVE-2022-0609 zero-day is a use after free issue that resides in Animation, the bug was reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group.

The flaw was exploited by North Korea-linked threat actors since January 4, 2022.

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers

Tags: Chrome emergency update fixes, Sandworm

Dec 13 2020

Suspected Russian hackers spied on U.S. Treasury emails

Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury Department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.

Three of the people familiar with the investigation said Russia is currently believed to be behind the attack.

Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot.

The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.

Source: Suspected Russian hackers spied on U.S. Treasury emails – sources

    Active Exploitation of SolarWinds Software

    Emergency directive: Global governments issue alert after FireEye hack is linked to SolarWinds supply chain attack

    SolarWinds Security Advisory

    Massive suspected Russian hack is 21st century warfare

    The government has known about the vulnerabilities that allowed the SolarWinds attack since the birth of the internet—and chose not to fix them.

    WATCH: Trump refuses to acknowledge that Russia meddled in US elections


U.S. Agencies Hit in Brazen Cyber-Attack by Suspected Russian Hackers

#Sandworm: A New Era of #Cyberwar and the Hunt for the #Kremlin’s Most #Dangerous #Hackers Paperback

Tags: APT29, cyber hacking, FireEye, Greenburg, Russian cyber attack, Russian espionage, Russian hackers, Sandworm, U.S. Treasury