Browser Security Updates - June 2024


LATEST INDUSTRY NEWS AND TAKEAWAYS

Google Chrome Fixes Zero-Day Vulnerabilities Exploited in the Wild


What happened?

During May 2024, Google released several emergency security updates for the Chrome browser to address high-severity zero-day vulnerabilities tagged as exploited in attacks:

  1. CVE-2024-4671: A high-severity use-after-free flaw in the Visuals component, which handles rendering and displaying content in the browser.

  2. CVE-2024-4761: An out-of-bounds write problem in Chrome's V8 JavaScript engine, which is responsible for executing JS code in the application.

  3. CVE-2024-4947: A high-severity type confusion weakness in the Chrome V8 JavaScript engine, potentially enabling arbitrary code execution on the target device.

  4. CVE-2024-5274: A high-severity type confusion in V8, Chrome's JavaScript engine responsible for executing JS code.

LayerX Recommendations:

Google has released fixes for these vulnerabilities, and users are advised to update their Chrome browsers to the latest version to protect against potential exploitation. The updates underscore the ongoing efforts by browser developers to protect users from emerging threats and highlight the importance of promptly installing security updates to mitigate risks.

The LayerX platform gives full visibility to all browser versions in the workspace, while also utilizing policies to notify and educate users, prompting them to update their browser.


Massive Phishing Campaign Exposes 850,000 People to Credit Card Theft


What happened?

A network of 75,000 fake online shops called 'BogusBazaar' lured over 850,000 people, leading to credit card theft and attempted fraudulent transactions totaling $50 million. The operation involved creating counterfeit online stores to swindle unsuspecting shoppers, with most victims in the US and Western Europe. China, suspected as the scam's operational base, had few victims.

Cybercriminals hosted these fake shops on expired domains with good Google reputations, selling shoes and clothing at unusually low prices.

 

LayerX Recommendations:

LayerX browser security extension employs real-time scanning and threat detection, providing robust protection against various flaws and ensuring a secure online experience for our clients.


Google Ads Exploit Arc Browser's Windows Launch with Malvertising


What happened?

Cybercriminals are leveraging Google Ads to target users of Arc Browser, a Windows-based browser, with malvertising. These malicious ads lead unsuspecting users to harmful websites, posing significant security risks. 

Upon clicking the advertisement, users are redirected to typo-squatted domains that closely mimic the legitimate website. If users proceed to click the "Download" button, they retrieve a trojanized installer file from the MEGA hosting platform. This installer then downloads an extra malicious payload from an external source.

 

LayerX recommendation:

We strongly recommend that users exercise caution when clicking on ads in general.

LayerX provides AI-powered secure browsing that runs from within the browser, equipped with just-in-time threat intelligence and real-time code scanning. Its continuous risk assessment would block attacks of this sort.


🎉Product Spotlight🎉

Monitor file uploads by their name

Using the LayerX Security Enterprise Browser Extension, users can now detect any upload activity involving predefined file names containing specific keywords.

This feature extends to file labels, such as Microsoft MIP labels, and other file properties.

NEW COLLATERAL BY LAYERX

Report: 2024 Browser Security Report

eBook: The Next Generation of RBI (Remote Browser Isolation)
