Google just publicized a combination of zero-day exploits for Windows 7 and Chrome that are reportedly being exploited together in the wild. The bug in Chrome allegedly involved the browser's file reader, while the vulnerability in Windows "is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances." Google says they reported the bug on February 27th, and pushed out a patch for Chrome on March 1st, but the Windows 7 vulnerability doesn't appear to be patched yet. Google claims they've only observed the Windows exploit on 32-bit Windows 7 systems so far, but notes that exploit mitigations already protect newer versions of Windows, and says that "users should consider upgrading to Windows 10 if they are still running an older version of Windows." Sophos took a look at the Chrome bug earlier this week, and they seem to think that a single bad webpage could give attackers remote access to computers.
When we heard that the vulnerability was connected to FileReader, we assumed that the bug would involve reading from files you weren't supposed to. Ironically, however, it looks as though attackers can take much more general control, allowing them to pull off what's called Remote Code Execution, or RCE. RCE almost always means a crook can implant malware without any warnings, dialogs or popups. Just tricking you into looking at a booby-trapped web page might be enough for crooks to take over your computer remotely.