Google: Attacker ‘likely’ had access to Android zero-day vulnerabilities

January 14, 2021
  • Renderer exploits for four bugs in Chrome, one of which was still a zero- day at the time of the discovery.
  • Two sandbox escape exploits abusing three zero day vulnerabilities in Windows.
  • A “privilege escalation kit” composed of publicly-known N-day (known-day) exploits for older versions of Android. Based on the actor's sophistication, the researchers think it's likely that they had access to Android zero-days, but they didn't discover any in their analysis.
  • CVE-2020-6418 - Chrome Vulnerability in TurboFan (fixed February 2020)
  • CVE-2020-0938 - Font Vulnerability on Windows (fixed April 2020)
  • CVE-2020-1020 - Font Vulnerability on Windows (fixed April 2020)
  • CVE-2020-1027 - Windows CSRSS Vulnerability (fixed April 2020)
prestitial ad