Lookout admins should proactively enable the vulnerability protection policy in the Lookout console and configure it with the appropriate severity and remediation actions that align with their organization’s response workflows. As of June 2nd, 2022, Lookout will alert on Chrome versions 101.0.4951.60 or before as vulnerable.
External researchers recently discovered and disclosed to Google nine vulnerabilities in Google Chrome for Android. The vulnerabilities are defined in CVE-2022-1633 through CVE-2022-1641 and may enable exploitation via a malcrafted webpage. Successful exploitation may allow the attacker to compromise the user's data on a vulnerable device, and they exist across several components of Chrome.
The most likely way for an attacker to exploit this vulnerability would be to send a link leading to a malcrafted webpage to their target in hopes that the target still has a vulnerable version of Chrome on their device. A successful exploit may grant a threat actor access to Chrome's capabilities without needing to root the device. Mobile device management (MDM) tools will not detect a successful exploitation. In the event of a successful exploit, the actor could have access to any capability that the browser has.
Lookout admins should proactively enable the vulnerability protection policy in the Lookout console and configure it with the appropriate severity and remediation actions that align with their organization’s response workflows. As of June 2nd, 2022, Lookout will alert on Chrome versions 101.0.4951.60 or before as vulnerable.
September 22, 2023
Apple recently released two software updates for iOS and iPad OS for vulnerabilities that can form an exploit chain and are also known to install Predator spyware.
September 15, 2023
September 19, 2023