ChainCatcher message, Microsoft cybersecurity researchers have discovered a zero-day vulnerability in the Chromium engine, which powers browsers like Chrome. This vulnerability has been exploited by a North Korean hacker group known as Citrine Sleet, specifically targeting cryptocurrency users. Citrine Sleet has used a rootkit malware called FudModule to create fake cryptocurrency trading platform websites, luring users into downloading malware or weaponized cryptocurrency wallets, thereby gaining remote code execution access to steal the victims' crypto assets. This vulnerability was patched on August 21, and users are urged to update their browsers as soon as possible to ensure safety. This is the third exploited Chromium zero-day vulnerability this year.

ChainCatcher message, the Web3 security agency Wallet Guard stated that Google has released an emergency update for a new zero-day vulnerability (CVE-2023-7024) and recommends users to update their Chrome browser (including Brave, Opera, and Edge) in a timely manner.

ChainCatcher news, the Fantom Foundation has officially confirmed that a small number of Fantom wallets were compromised, including approximately $550,000 of Fantom Foundation funds. Although initial reports indicated that the attack was carried out through a zero-day vulnerability in Google Chrome, the specific attack mechanism is still under investigation.In addition, a personal wallet of a Fantom employee was also affected. Some of the impacted wallets had previously been labeled as "foundation wallets," but were later reassigned to a Fantom employee. This incident is considered a targeted attack against individuals. Currently, the funds lost by the employee are being tracked and investigated.

ChainCatcher message, Fantom Foundation Telegram community administrator Jane stated that due to a zero-day vulnerability on Google Chrome, some hot wallet assets of the Fantom Foundation have been depleted, with losses amounting to hundreds of thousands of dollars. They are currently actively tracking the movement of the lost funds. Most of the foundation's assets are stored in cold wallets and remain unaffected. Jane recommends that users upgrade Chrome to the latest version.According to CertiK monitoring, some wallets of the Fantom Foundation on Ethereum and Fantom have been attacked, with confirmed losses amounting to $657,000.

ChainCatcher news, according to a report by the security company BleepingComputer, Google has released an emergency security update to fix the fourth Chrome zero-day vulnerability exploited in attacks since the beginning of this year, with active attacks targeting CVE-2023-4863 now reported in the wild.The new version is being rolled out to users in the stable and extended stable channels, and is expected to reach the entire user base in the coming days or weeks. Chrome users are advised to upgrade their web browsers to 116.0.5845.187 (Mac and Linux) and 116.0.5845.187/.188 (Windows).

Chaincatcher news, the Chrome browser has released an emergency update for version 105.0.5195.102 (Mac, Linux, and Windows) to fix a new high-severity zero-day vulnerability, identified as CVE-2022-3075, caused by insufficient data validation in the Mojo runtime library collection. Over the past three months, multiple zero-day vulnerabilities have been discovered in the Chrome browser. (Source link)