Google security researchers have recently discovered a sophisticated hacker operation who exploit Chrome and Windows vulnerabilities, and attack Android and Windows devices,
Some of the vulnerabilities belonged to the so-called “zero-day“Group, which means it was about omissions that are were unknown to company security experts at the time Google and Microsoft, and almost all other security researchers. The use of unknown vulnerabilities, and the complex infrastructure, are not enough to classify an attack as a sophisticated operation, but nevertheless indicates above average attacker skill, The attacks used complex code that accessed the victims’ devices through compromised sites, and security experts point out that this is a method that manages antivirus systems and other methods of control.
They were abused four zero-day vulnerabilities: CVE-2020-6418 – Chrome Vulnerability in TurboFan (patched in February 2020), CVE-2020-0938 – Font Vulnerability in Windows (patched in April 2020), CVE-2020-1020 – Font Vulnerability in Windows (patched in April 2020)) and CVE-2020-1027 – Windows CSRSS Vulnerability (patch in April 2020).
Source: Ars Technica