SKOUT Threat Advisory 0072-21: Threat Actors Targeting VoIP Providers with DDoS Attacks
|Our partners at SKOUT Cybersecurity have alerted us to this current threat.|
Following the confirmation of four serious Chrome vulnerabilities this month, Google has revealed five new vulnerabilities with a rating of “High” as well as 11 other less severe flaws known to affect versions of Chrome prior to the latest release.
Technical detail and additional information
WHAT IS THE THREAT?
Adhering to standard practice, Google is currently restricting information about the new exploits in order to give its enormous userbase time to update their Chrome browsers. As a result, the following information is all the organization is sharing about the “High” vulnerabilities at this time (see their blog post for more information about the lower-rated vulnerabilities):
- High – CVE-2021-37981: Heap buffer overflow in Skia. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04
- High – CVE-2021-37982: Use after free in Incognito. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-09-11
- High – CVE-2021-37983: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-09-15
- High – CVE-2021-37984: Heap buffer overflow in PDFium. Reported by Antti Levomäki, Joonas Pihlaja and Christian Jalio from Forcepoint on 2021-09-27
- High – CVE-2021-37985: Use after free in V8. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-20
While details have yet to be released, the new threats follow a pattern seen in recent months. More than 10 Use-After-Free (UAF) vulnerabilities were discovered in September, and a zero-day UAF flaw was discovered earlier this month. UAF vulnerabilities are memory exploits in which a program fails to clear the pointer to the memory after it is freed. Additionally, there is a trend in rising Heap buffer overflow exploits. Heap memory is dynamically allocated at runtime and typically contains program data, so when an overflow occurs, critical data structures can be overwritten—making it an ideal target for attacks
WHY IS IT NOTEWORTHY?
There are 2.65 billion Chrome users worldwide, exposing a large pool of potential victims to these attacks. Many people use Chrome for business as well as personal reasons, meaning it essential for both organizations and individuals to ensure they are secured against these vulnerabilities.
WHAT IS THE EXPOSURE OR RISK?
To check if you are secured, navigate to the three-dot menu in the top right corner of your Chrome browser and click on Help > About Google Chrome. If your Chrome version matches version 95.0.4638.54 or higher, you are safe. If not, you are vulnerable to these exploits.
WHAT ARE THE RECOMMENDATIONS?
To secure users against these threats, Google has released a critical Chrome update, version 95.0.4638.54. When you navigate to Help > About Google Chrome, Chrome may begin to auto-update to the most recent, secure version if it has not updated already. If not, be aware that Google has stated the rollout of version 95.0.4638.54 will be staggered—so you may not be able to protect yourself immediately. If the update is not yet available to you, be sure to check back regularly for the new version until it is. You may see a red or golden update button in the top right of your Chrome browser alerting you when the update is available.
After you update Chrome, be sure to restart the browser as it will not be secured until it has restarted. Following an update and restart, your Chrome browser will be secured against these threats.
For more in-depth information about the recommendations, please visit the following links: