Hackers were able to use vulnerabilities to deliver exploit chains in the form of watering hole attacks. This is a form of attack where the bad actor will monitor which sites and services a victim regularly uses and then attempt to infect one of them. When the victim visits a regular website that is no infected, they too can be compromised by malware. Google Project Zero points out one server was targeting Windows and the other was targeting Android. Both exploit servers took advantage of vulnerabilities in the Google Chrome web browser. Project Zero charted the exploits through a six-blog post run this week. Once an attacker infected a victim device, the browser would deploy OS-level exploits allowing the threat actor to gain more access and control. Google says the attack was achieved through a combination of zero-day and n-day exploits.

Exploits

Most people are familiar with zero-days, exploits that are previously unknown to developers. However, n-days are a little more obscure to the public. These are bugs that a company has previously patched but still have active exploits in the wild. Google says the pair of exploit servers included the following:

Four “renderer” bugs in Google Chrome. A pair of sandbox escape exploits. A “privilege escalation kit”.

Included in those bugs were four zero-days for Windows. All bugs were patched early in 2020.

CVE-2020-6418 – Chrome Vulnerability in TurboFan CVE-2020-0938 – Font Vulnerability on Windows CVE-2020-1020 – Font Vulnerability on Windows CVE-2020-1027 – Windows CSRSS Vulnerability

Project Zero says the bugs were sophisticated and capable of causing a lot of problems for infected devices: “They are well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks,” Google said. Tip of the day: When you boot Windows 10 it delays the launch of startup programs for ten seconds so your desktop and Windows services will have finished loading. If you want to speed up boot time, have a look at our tutorial about how to disable startup delay.

Google Discloses Chrome Attacks Targeting Windows and Android - 5Google Discloses Chrome Attacks Targeting Windows and Android - 77Google Discloses Chrome Attacks Targeting Windows and Android - 45Google Discloses Chrome Attacks Targeting Windows and Android - 39Google Discloses Chrome Attacks Targeting Windows and Android - 32Google Discloses Chrome Attacks Targeting Windows and Android - 83