TOP 3 cybersecurity events of the week according to Jet CSIRT

McAfee finds five Google Chrome extensions stealing user data

McAfee threat analysts found five Google Chrome extensions (Netflix Party, Netflix Party 2, Full Page Screenshot Capture – Screenshotting, FlipShope – Price Tracker Extension, AutoBuy Flash Sales) that steal data about users’ online activity. In total, the malicious extensions have been downloaded over 1.4 million times. The extensions track when a user visits a marketplace and modify the user’s cookies so that the visit appears to have come through a referral link; the extension authors then collect the partner (affiliate) reward for such visits. Every time a user visits a new URL, the extension sends data to the attacker via a POST request. This information includes the base64-encoded URL, a user ID, the device location (country, city, zip code), and an encoded referral URL.

GitLab security update

GitLab has released security updates 15.3.2, 15.2.4 and 15.1.6 for GitLab Community Edition (CE) and Enterprise Edition (EE). They fix 15 vulnerabilities, one of which is a critical XSS (CVE-2022-286). This vulnerability affects all GitLab CE/EE versions prior to 15.1.6, versions 15.2 to 15.2.3, and versions 15.3 to 15.3.1. An attacker could exploit a flaw in the label color customization feature to achieve stored XSS, which would allow arbitrary client-side actions to be performed on behalf of the victim.
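The GitLab item above describes the classic shape of a stored XSS: a user-controlled value (here a label color) is saved and later rendered into markup without validation. The following is an added illustration, not GitLab’s code; the functions `renderLabelVulnerable`, `renderLabelHardened`, `sanitizeColor` and `countInjectedHandlers` are hypothetical names, and the sample labels are constructed. It shows a renderer that splices the stored color straight into a `style` attribute beside a hardened renderer that accepts only a strict hex color literal and escapes the label text.

```javascript
// Added example (not GitLab's code): rendering a user-supplied label color.
// The vulnerable path trusts the stored color string and splices it into markup;
// the hardened path accepts only a strict hex color and escapes everything else.

// Escape the five characters that matter in HTML text and attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable: a stored color such as `red" onmouseover="alert(1)` closes the
// style attribute early, so the attacker's event handler becomes part of the DOM.
function renderLabelVulnerable(name, color) {
  return `<span class="label" style="background-color: ${color}">${name}</span>`;
}

// Hardened: only a #rgb / #rrggbb literal is accepted as a color; anything else
// falls back to a safe default, and the label text is escaped for the text context.
const HEX_COLOR = /^#(?:[0-9a-f]{3}|[0-9a-f]{6})$/i;
const DEFAULT_COLOR = '#428bca'; // constructed default, not a GitLab value

function sanitizeColor(color) {
  return HEX_COLOR.test(color) ? color.toLowerCase() : DEFAULT_COLOR;
}

function renderLabelHardened(name, color) {
  return `<span class="label" style="background-color: ${sanitizeColor(color)}">${escapeHtml(name)}</span>`;
}

// Constructed inputs: two benign labels and one whose color field carries a payload.
const samples = [
  { name: 'bug', color: '#d9534f' },
  { name: 'feature', color: '#0f0' },
  { name: 'x', color: 'red" onmouseover="alert(1)' },
];

// Count how many rendered strings contain an injected event-handler attribute;
// the vulnerable renderer yields 1 for the samples above, the hardened one 0.
function countInjectedHandlers(renderer) {
  return samples.filter((s) => /on\w+=/i.test(renderer(s.name, s.color))).length;
}

for (const s of samples) {
  console.log('vulnerable:', renderLabelVulnerable(s.name, s.color));
  console.log('hardened:  ', renderLabelHardened(s.name, s.color));
}
```

The design point is to validate the color against the narrow grammar it is supposed to have (a hex literal) rather than trying to blocklist dangerous characters; a value that is not a color is simply replaced, so nothing untrusted ever reaches the attribute context.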

Microsoft has discovered a vulnerability in the TikTok app

The Microsoft Defender Research Team has published a report on a high-severity vulnerability in the Android version of the TikTok app. The vulnerability allowed attackers to bypass the app’s deeplink verification: an attacker could load an arbitrary URL into the app’s WebView component and, through that URL, reach the JavaScript bridges attached to the WebView. Using the bridge’s JavaScript methods, the attacker could access user profiles and make HTTP requests. The attacker could also obtain authentication tokens, all information entered into the account, videos with restricted access, and profile settings. The vulnerability was assigned CVE-2022-28799 and was fixed in version 23.7.3.
