Fellow Linux admins,

I'm old enough to remember the Sony Pictures hack from 2014 or the 2017 WannaCry ransomware attack. Both were conducted by the Lazarus Group, the notorious hacker group allegedly run by the North Korean government. Now, we can add to that list the latest Chrome exploit, which is under active exploitation for all but the latest version.

This zero-day attack enticed users into visiting a specially crafted product page for an NFT-based multiplayer online battle game, allowing remote attackers to execute arbitrary code on your computer. Yeah, this one's pretty terrible.

More than a dozen other serious vulnerabilities are fixed in this latest version, even an exploit against the sandbox designed to contain these types of threats. Read on to learn more about whether your version is affected and how you can stay abreast of these attacks in the future.

You'll also learn about a critical vulnerability in Oath-Toolkit, a widely used OTP authentication tool, that could result in privilege escalation attacks and data theft.

If you found value in today’s newsletter, please share it with your friends! Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate, insightful community members who share our love for Linux and security!

Stay safe out there,


Chromium

The Discovery 

Seventeen security bugs have been found in Chromium, the open-source browser project that is the basis for Google Chrome, including a high-severity use-after-free flaw in Chrome's AI component (CVE-2024-9954).


The Impact

These flaws could enable attackers to gain complete control of your systems and steal sensitive data.

The Fix

Important Chromium bug fixes have been released to mitigate these vulnerabilities. We strongly recommend that all impacted users update now to secure their critical Linux systems and confidential information.


Oath-Toolkit

The Discovery 

A critical vulnerability has been found in Oath-Toolkit, a widely used OTP authentication tool, that enables threat actors to escalate privileges on affected systems (CVE-2024-47191).


The Impact

This flaw could result in privilege escalation attacks and data theft.

The Fix

Critical Oath-Toolkit security patch updates have been released to mitigate this issue. We urge all impacted users to update immediately to protect their sensitive data and essential Linux systems.
