Hackers used the Chrome browser to attack both Windows and Android devices. Security experts uncovered the attacks as part of Google’s Project Zero.
The sophisticated hackers used two servers, one to target Windows devices and another to go after Android devices.
Hackers used three previously unknown vulnerabilities in Windows:
- Two font Windows font vulnerabilities
- A Windows CSRSS vulnerability
For Android devices, they exploited four chrome vulnerabilities and a previously known issue with older versions of the Android operating system.
The Windows issues have already been patched.
In an interesting twist, Project Zero went after those servers to attempt to extract the source of the malware and better understand it. The experts broke down what they uncovered in a six-part series that dives pretty deep into the issue.
If you’d like to learn a lot more about how these exploits work, follow the link below. I’ll warn you, it gets pretty technical.
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html