WeChat users targeted by hackers using recently disclosed Chromium exploit

Pierluigi Paganini April 20, 2021

Threat actors used the Chrome exploit publicly disclosed last week in attacks aimed at WeChat users in China, researchers warn.

China-based firm Qingteng Cloud Security, reported that threat actors weaponized the recently disclosed Chrome exploit to target WeChat users in China. According to the researchers, the attacks only targeted users of the WeChat Windows app. The security firm did not reveal which of the two PoC codes released last week were employed in the attacks.

Attackers are sharing specially crafted links with WeChat users, upon clicking them, a JavaScript code will execute a shellcode on their underlying operating systems.

Last week, two distinct researchers released exploit codes for two new Chromium zero-day remote code execution exploit affecting Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.

The WeChat Windows client was impacted by the issues because it leverages the Chromium browser engine to manage links within the application.

Both remote code execution vulnerabilities disclosed last week could not escape Chromium’s sandbox, which means that attackers have chained them with a sandbox escape exploit to executing arbitrary code on the underlying system.

Anyway, as reported in a post by The Record, applications that don’t use a sandbox mechanism could expose the underlying OS to the risk of a hack.

Qingteng shared its findings with Tencent, the Chinese giant that developed WeChat, which updated the Chromium engine used by the application.

The good news is that both flaws have been already addressed by maintainers of the Chromium project and developers of major browsers are applying them.

Chrome has only fixed one of the flaws (CVE-2021-21220), while Microsoft Edge fixed both exploits.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Chrome)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment