We blocked North Korea's Chrome exploit, says Google

Google on Thursday described how it apparently caught and thwarted North Korea's efforts to exploit a remote code execution vulnerability in Chrome. The security flaw was spotted being abused in the wild on February 10, according to Googler Adam Weidemann, and there was evidence it was exploited as early as January 4. The web …

  1. DS999 Silver badge

    They "checked for Safari on macOS and Firefox"

    But that trail was cold? Or was it because North Korea hadn't inserted any exploits to handle those browsers yet? Which wouldn't be surprising since the Chrome monoculture outside of mobile (where Safari still matters) means if you can attack Chrome you can attack over 90% of people, and it isn't worth bothering with the <10% who are Mac users or PC users running Firefox!

    1. Clausewitz 4.0

      Re: They "checked for Safari on macOS and Firefox"

      They couldn't get even all the stages of this exploit, nor the sandbox escape vuln.

      It's certain there is a zero day for sandbox escape out there, and possible there are zero days for other browsers.

      Well done op.

      1. fg_swe Silver badge

        Possibly -> Likely

        "Any nontrivial C or C++ program contains plenty of exploitable bugs. Even if program has been written by seasoned software engineers".

        http://sappeur.ddnss.de/Sappeur_Cyber_Security.pdf

    2. wolfetone Silver badge

      Re: They "checked for Safari on macOS and Firefox"

      It goes beyond desktop browsers, and it would also likely have affected mobile users.

  2. Pascal Monett Silver badge

    iFrames

    Is it time to remove that from the browser toolbox, or do iframes have a legitimate use that we can't do without?

    Because there's a lot of miscreants using iframes for their nefarious purposes.

    1. teknopaul

      Re: iFrames

      The concept was useful outside the context of fraud.

      You could write a menu system once that was simple href links targeted to the frame and let the main page show entire other websites temporarily.

      I agree it's a security nightmare, but it's a handy concept, one that is used in many apps.

      E.g. defer a payment step to the webpages of a bank.

      1. mark l 2 Silver badge

        Re: iFrames

        Browser makers should give you the option to allow you to manually choose whether an iframe is loaded or make them open as a new tab. That way you won't break sites that need it, but are warned about them being there.

  3. Rich 2 Silver badge

    Pot, meet Kettle

    But Chrome IS an exploit

  4. Claverhouse

    Don't Hear So Much About Kim Jong-Un Anymore

    I thought all the North Koreans had died from starvation or were brain-damaged from malnutrition.

    1. Anonymous Coward

      Re: Don't Hear So Much About Kim Jong-Un Anymore

      I assume NK secretly does all the assembly for some American oligarch. All through a Chinese shell. Another shell delivers the food for the god and his people.

  5. Anonymous Coward

    Kim Jong-Un

    Too busy playing with his Long Dong.

  6. Claptrap314 Silver badge

    So, THE SAME DAY that Google releases a version of Chrome & Chromium that addresses a "high" risk zero-day as a critical out-of-band update, they do a blog post bragging about having dealt with (a likely similar) exploit last month & attempt to throw shade on the security of other browsers?

    Oh yeah, the blog post for the new version of Chrome doesn't even mention that it is a security fix... https://chromereleases.googleblog.com/2022/03/

    Don't be evil.

    1. fg_swe Silver badge

      "Collect all their data, one day, one of them might become evil".

  7. fg_swe Silver badge

    CVE-2022-0609: Use After Free / Lack of Memory Safety

    Time and again, C++ enables the bad guys to penetrate systems.

    http://sappeur.ddnss.de/Sappeur_Cyber_Security.pdf

    Here is a potential fix: http://sappeur.ddnss.de/SAPPEUR.pdf

    More Chrome bugs, which could have been caught using a memory safe language:

    [$15000][1290008] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22

    [$7000][1273397] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24

    [$7000][1286940] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13

    [$7000][1288020] High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17

    [$TBD][1250655] High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17

    [$NA][1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group on 2022-02-10
