The Magnitude exploit kit is now capable of targeting Chromium-based browsers running on Windows systems.
Exploit kits such as Magnitude are known for expanding their arsenal with new browser or plugin exploits in a timely fashion, but for years they have mainly focused on Microsoft’s Internet Explorer and left other browsers aside. Magnitude has now added exploits for CVE-2021-21224 and CVE-2021-31956, two vulnerabilities that affect Google’s Chrome browser and Microsoft’s Windows platform.
CVE-2021-21224 is a type confusion flaw in the Chrome V8 rendering engine that could lead to remote code execution (RCE). The bug was already being exploited in attacks when fixes rolled out.
CVE-2021-31956, on the other hand, is an elevation of privilege (EoP) vulnerability that could allow attackers to escape Chrome’s sandbox and gain system privileges. When patched in June 2021, the security hole was being abused in attacks alongside CVE-2021-31955, another EoP flaw in Windows.
The two vulnerabilities were previously chained in malicious activity named Puzzle Maker, which couldn’t be attributed to any known adversary.
“The attacks we have seen so far are targeting only Windows builds 18362, 18363, 19041, and 19042 (19H1–20H2). Build 19043 (21H1) is not targeted. The exploit for CVE-2021-31956 contains hardcoded syscall numbers relevant just for these builds,”
For the time being, the activity doesn’t appear to involve the use of a malicious payload, although it does lead to the victim’s Windows build number being exfiltrated. First observed in 2017, Magniber ransomware was associated right from the start with Magnitude, and was believed to be developed by the exploit kit’s maintainers.