WeChat users targeted by hackers using recently disclosed Chromium exploit

Threat actors used the Chrome exploit publicly disclosed last week in attacks aimed at WeChat users in China, researchers warn.

China-based firm Qingteng Cloud Security, reported that threat actors weaponized the recently disclosed Chrome exploit to target WeChat users in China. According to the researchers, the attacks only targeted users of the WeChat Windows app. The security firm did not reveal which of the two PoC codes released last week were employed in the attacks.

Attackers are sharing specially crafted links with WeChat users, upon clicking them, a JavaScript code will execute a shellcode on their underlying operating systems.

Last week, two distinct researchers released exploit codes for two new Chromium zero-day remote code execution exploit affecting Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.

The WeChat Windows client was impacted by the issues because it leverages the Chromium browser engine to manage links within the application.

Both remote code execution vulnerabilities disclosed last week could not escape Chromium’s sandbox, which means that attackers have chained them with a sandbox escape exploit to executing arbitrary code on the underlying system.

Anyway, as reported in a post by The Record, applications that don’t use a sandbox mechanism could expose the underlying OS to the risk of a hack.

Qingteng shared its findings with Tencent, the Chinese giant that developed WeChat, which updated the Chromium engine used by the application.

The good news is that both flaws have been already addressed by maintainers of the Chromium project and developers of major browsers are applying them.

Chrome has only fixed one of the flaws (CVE-2021-21220), while Microsoft Edge fixed both exploits.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Chrome)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.