Google: Chrome zero-day was used together with a Windows 7 zero-day

Windows 7
Image: Microsoft

Google revealed today that a Chrome zero-day the company patched last week was actually used together with a second one, a zero-day impacting the Microsoft Windows 7 operating system.

The two zero-days were part of ongoing cyber-attacks that Clement Lecigne, a member of Google’s Threat Analysis Group, discovered last week on February 27.

The attackers were using a combination of a Chrome and Windows 7 zero-days to execute malicious code and take over vulnerable systems.

The company revealed the true severity of these attacks in a blog post today. Google said that Microsoft is working on a fix, but did not give out a timeline.

The company’s blog post comes to put more clarity into a confusing timeline of events that started last Friday, March 1, when Google released Chrome 72.0.3626.121, a new Chrome version that included one solitary security fix (CVE-2019-5786) for Chrome’s FileReader –a web API that lets websites and web apps read the contents of files stored on the user’s computer.

Most users who saw the company’s release didn’t think too much about a run-of-the-mill Chrome update, which Google provides on a regular basis, sometimes for the smallest of bugs.

However, out of nowhere this week, on Tuesday, March 5, Google revealed that the Chrome security fix was actually a patch for a zero-day that was being exploited in the wild, but again, did not reveal any additional details.

Today’s blog post provides these much-needed details, with the company revealing the existence of the Windows 7 zero-day, which attackers were using together with the Chrome zero-day in coordinated attacks.

Lecigne described the Windows 7 zero-day as “a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape.”

“The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances,” he added.

Google said this zero-day may only be exploitable on Windows 7 due to recent exploit mitigations added in Windows 8 and later.

“To date, we have only observed active exploitation against Windows 7 32-bit systems,” Lecigne said.

The security researcher said that Google decided to go public with information about the Windows zero-day because they believe Windows 7 users should be aware of the ongoing attacks and take protective measures, just in case the attackers are using the Windows 7 zero-day in combination with exploits on other browsers.

More vulnerability reports:

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Automated trading with HaasBot Crypto Trading Bots

Blockchain/Cryptocurrency Questions and Answers

How to Choose a Legit Crypto Casino?
August 5, 2022
Spend Crypto
5 Ways to Spend Crypto
August 2, 2022
What Is A DAO LLC?
What Is A DAO LLC?
August 2, 2022
Can Running A Lightning Node Earn You Passive Income?
Can Running A Lightning Node Earn You Passive Income?
July 5, 2022
Is The Crypto Market Combating A Lehman Brothers Moment?
June 30, 2022

CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin23,074 0.15 % 3.75 % 1.11 %
Ethereum1,683.9 0.17 % 4.90 % 2.93 %
Tether1.004 0.32 % 0.23 % 0.11 %
USD Coin1.002 0.12 % 0.09 % 0.07 %
BNB319.72 0.48 % 1.59 % 12.54 %
Binance USD1.001 0.14 % 0.01 % 0.04 %
XRP0.3647 0.21 % 4.13 % 3.89 %
Cardano0.5092 0.16 % 4.76 % 0.83 %
Solana42.12 0.56 % 2.22 % 3.81 %
Polkadot8.780 0.14 % 5.19 % 7.28 %

Bitcoin (BTC) $ 23,064.00
Ethereum (ETH) $ 1,682.05
Tether (USDT) $ 1.00
USD Coin (USDC) $ 1.00
BNB (BNB) $ 318.97
Binance USD (BUSD) $ 1.00
XRP (XRP) $ 0.364109
Cardano (ADA) $ 0.509334
Solana (SOL) $ 40.36
Polkadot (DOT) $ 8.76