In mid-May, Google released an update for Google Chrome (90.0.4430.212), due to which the browser…
The chain of vulnerabilities exploited in the attacks includes a remote code execution issue in the Google Chrome V8 JavaScript engine (as LC was unable to obtain a full exploit for this vulnerability).
We also investigated two vulnerabilities in Windows – CVE-2021-31955 (information disclosure in the Windows kernel) and CVE-2021-31956 (privilege escalation in Windows NTFS). Microsoft fixed both issues as part of its June Patch Tuesday.
Attackers gained access to the target system through a vulnerability in Chrome and then exploited CVE-2021-31955 and CVE-2021-31956 to compromise Windows.
According to experts, PuzzleMaker used the Windows Notification Facility (WNF) in conjunction with the exploitation of CVE-2021-31956 to execute malicious modules on the system.
Let me remind you that we wrote that Most of the exploits for 0-Day vulnerabilities are developed by private companies.
Kabatibly.co.in is a domain that tries to force you into clik to its browser notifications…
Reditarcet.co.in is a site that tries to force you into subscribing to its browser notifications…
Everestpeak.top is a domain that tries to trick you into subscribing to its browser notifications…
Firm-jawed.yachts is a domain that tries to trick you into subscribing to its browser notifications…
Anapurnatop.top is a domain that tries to trick you into subscribing to its browser notifications…
Boomira.com is a domain that tries to force you into clik to its browser notifications…