Google security researchers have recently discovered a sophisticated hacker operation which abused Chrome and Windows vulnerabilities, and to attack Android and Windows devices.
Some of the vulnerabilities belonged to the so-called “zero-days“Group, which means it was about omissions that are at the time were unknown to security experts from the companies Google and Microsoft, and almost all other security researchers. The use of unknown vulnerabilities, and the complex infrastructure, are not enough to classify an attack as a sophisticated operation, but still indicates above-average attacker abilities. The attacks used complex code that reached the victims’ devices through compromised sites, and security experts point out that this is a method that manages to bypass antivirus systems and other methods of checking.
They were abused four zero-days vulnerabilities: CVE-2020-6418 — Chrome vulnerability in TurboFan (patched in February 2020), CVE-2020-0938 — Font vulnerability in Windows (patched in April 2020), CVE-2020-1020 — Font vulnerability in Windows (patched in April 2020) ) and CVE-2020-1027 — Windows CSRSS vulnerability (patched in April 2020).
Source: Ars Technica
*The article has been translated based on the content of PC Press by pcpress.rs. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!