fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Second Google Chrome Zero-day Exploit Dropped On Twitter This Week

Second Google Chrome Zero-day Exploit Dropped On Twitter This Week

A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.

A zero-day vulnerability is when detailed information about a vulnerability or an exploit is released before the affected software developers can fix it. These vulnerabilities pose a significant risk to users as they allow threat actors to begin using them before a fix is released.

Today, a security researcher known as frust dropped a PoC exploit on Twitter for a zero-day bug Chromium-based browser that causes the Windows Notepad application to open.

This new zero-day vulnerability comes a day after Google released Chrome 89.0.4389.128 to fix a different Chromium zero-day vulnerability publicly released on Monday.

Like Monday’s zero-day vulnerability, frust’s remote code execution vulnerability is not capable of escaping Chromium’s sandbox security feature. Chromium’s sandbox is a security feature that prevents exploits from executing code or accessing files on host computers.

Also Read: 4 Best Practices On How To Use SkillsFuture Credit

Unless a threat actor chains the new zero-day with an unpatched sandbox escape vulnerability, the new zero-day in its current state cannot harm users unless they disable the sandbox.

Frust released a video demonstrating the vulnerability being exploited to prove that their PoC exploit works.

BleepingComputer has also independently confirmed that the vulnerability works by launching the current versions of Google Chrome and Microsoft Edge using the --no-sandbox argument, which disables the sandbox security feature.

After disabling the sandbox, the exploit could launch Notepad on Google Chrome 89.0.4389.128 and Microsoft Edge 89.0.774.76, which are the latest versions of both browsers.

Google was scheduled to release Chrome 90 for Desktop yesterday, April 13th, but instead released the new version of Chrome to fix the zero-day released on Monday.

Also Read: 3 Reasons Why You Must Take A PDPA Singapore Course

It is not known if this additional zero-day with further prevent Chrome 90 from being released as Google plays catchup with security researchers.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us