'Deadly' Security Hole Discovered on Chrome Browser, Clicking on it Will Infiltrate You

Chrome - Image 1.

Kaspersky discovers 'deadly' security vulnerability in Chrome browser - Photo: KASPERSKY

On April 2, Kaspersky Security said it had discovered and helped patch a serious zero-day vulnerability in the Google Chrome browser. Previously, the company discovered a wave of infections that occurred when users clicked on personalized phishing links sent via email.

Kaspersky dubbed the campaign “Operation ForumTroll,” because the attackers used emails inviting victims to the “Primakov Readings” forum to carry out the scam. The main targets included media outlets,educational institutions, and government agencies in Russia.

More sophisticated, the malicious links only exist for a short time to avoid detection. And in most cases, the links will redirect to the legitimate Primakov Readings website to hide their tracks after the scam is complete.

The Chrome zero-day vulnerability is just one link in an attack chain that involves at least two exploits. One of them is a remote code execution (RCE) vulnerability, which is believed to be the first step in the attack. However, experts have yet to gather full information about this vulnerability.

The second step in the attack chain is through the Chrome sandbox bypass vulnerability, which Kaspersky discovered. Kaspersky's analysis shows that this campaign is primarily for espionage purposes. Evidence gathered points to the campaign being linked to an APT (advanced threat actor) group.

“This vulnerability is significantly more dangerous than the dozens of zero-day vulnerabilities we have discovered over the years,” said Boris Larin, head of security research at Kaspersky’s GReAT.

According to the expert, attackers exploit this vulnerability to bypass Chrome's sandbox protection mechanism without performing any explicit actions, as if the browser's security system is almost non-existent.

“Given the level of sophistication, this attack method is likely developed by highly skilled and resourceful cybercriminal groups. We recommend that all users update Google Chrome and other Chromium-based browsers to the latest version to avoid the risk of attack,” Boris Larin advised.

Kaspersky said Google had acknowledged the discovery of their security vulnerability and had released a timely patch. Users should update their Google Chrome browser to avoid cybercriminals attacking through new security vulnerabilities.