Google’s Project Zero uncovers zero-day vulnerabilities and bugs that could be used to infect systems with malware. The project has unveiled a group of vulnerabilities that could have affected a large number of customers had they not been discovered and patched. Two malicious servers were discovered that were set up to carry out watering hole attacks. In a watering hole attack, a cybercriminal plants malware on certain websites that a targeted organization's users visit, in order to compromise those visitors. The two servers targeted Windows users and Android users, respectively, and used Google Chrome vulnerabilities to execute the attack.
The Chrome and Windows attack utilized zero-day vulnerabilities, and the Android attack used n-day vulnerabilities. Zero-day vulnerabilities do not yet have a widely available patch and are unknown to the vendor prior to the attack. N-day vulnerabilities are publicly known, have patches available, and become common knowledge among hackers. The server contained four bugs in Chrome, two sandbox escape exploits for Windows, and a “privilege escalation kit” for older versions of Android. There was one zero-day vulnerability in the Chrome bugs, three in Windows, and widely known vulnerabilities for Android. All the zero-day exploits were patched last year, and Google says these vulnerabilities were well-engineered, leading to suspicion that experts created these exploit chains.
Read more: Google exposes malicious exploits targeting Windows and Android users