⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

Google Chrome's zero-day vulnerability, identified as CVE-2024-6357, was actively exploited in the wild as of June 10, 2024, according to a Google security advisory. This flaw affects the browser's handling of graphics, and Google has released Chrome version 125.0.6422.142 for Windows, Mac, and Linux to address the issue. The company has not disclosed specific details about the vulnerability to prevent further exploitation. Concurrently, Ubiquiti's UniFi Network system experienced a critical vulnerability, CVE-2024-23862, which allowed unauthenticated attackers to execute arbitrary code on affected devices. This flaw, present in UniFi Network Application versions prior to 8.0.28, could lead to a complete system compromise. Security researchers also highlighted a new macOS malware family, dubbed "MetaStealer," capable of exfiltrating sensitive data including credentials, cookies, and cryptocurrency wallet information. This threat targets users through various distribution channels, including malicious ads and compromised software downloads. Additionally, a significant flaw was discovered in the VPN client for Cisco AnyConnect Secure Mobility Client, allowing for privilege escalation on Windows systems. This vulnerability, tracked as CVE-2024-20359, could enable attackers to gain administrative control over a compromised machine.