Google Chrome zero-day vulnerability CVE-2024-12053 affects millions of Windows, Mac, and Linux users. Google released patches this week after discovering active exploitation in the wild. The flaw allows remote code execution through specially crafted web pages, bypassing Chrome's sandbox protections.

Ubiquiti UniFi appliances face multiple exploitation attempts following disclosure of authentication bypass vulnerabilities. Attackers exploit default credentials and unpatched installations to gain network access. UniFi devices control critical infrastructure in businesses and universities, making them high-impact targets.

New macOS stealer malware families emerged this week, targeting credential theft from Safari, Chrome, and system keychains. The malware leverages code-signed applications to evade Gatekeeper protections, infecting machines through phishing campaigns featuring AI-generated lures.

A critical VPN flaw exposes tunnel traffic when connections drop unexpectedly. Rather than blocking data transmission during outages, affected VPN applications continue processing requests, so payloads that should travel encrypted inside the tunnel leak in plaintext. Researchers identified this across multiple consumer VPN providers.

The week's broader pattern reflects persistent infrastructure negligence. Abandoned software packages become supply chain vectors when maintainers disappear. Deprecated features remain enabled in production environments years after replacement. Default credentials never change. Phishing kits operate as rental services, lowering entry barriers for low-skill attackers.

Organizations should prioritize Chrome patching immediately, verify that UniFi systems are updated and isolated on the network, and audit VPN configurations for kill-switch functionality. Endpoint detection tools should monitor for macOS stealer behavior targeting credential stores.
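One way to express the credential-store monitoring described above, as an added example that is not taken from any vendor's tooling: it flags processes outside an allowlist that open keychain, Chrome, or Safari credential files. The event tuples, the allowlist, and the `Invoice Viewer` process are constructed assumptions; real events would come from an endpoint sensor's file-open telemetry.

```python
import fnmatch
from collections import defaultdict

CHROME = "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
SAFARI = "/Applications/Safari.app/Contents/MacOS/Safari"
STEALER = "/Users/alice/Downloads/Invoice Viewer.app/Contents/MacOS/Invoice Viewer"
# Per-user credential stores on macOS, as glob patterns ('*' also spans '/').
CREDENTIAL_STORES = {
    "keychain": "/Users/*/Library/Keychains/*.keychain-db",
    "chrome_logins": "/Users/*/Library/Application Support/Google/Chrome/*/Login Data",
    "chrome_cookies": "/Users/*/Library/Application Support/Google/Chrome/*/Cookies",
    "safari_cookies": "/Users/*/Library/*Cookies.binarycookies",
}
# Assumed allowlist of expected readers per store; tune it to the fleet.
ALLOWED = {
    "keychain": {"/usr/sbin/securityd", "/usr/libexec/secd"},
    "chrome_logins": {CHROME},
    "chrome_cookies": {CHROME},
    "safari_cookies": {SAFARI},
}
# Constructed sample events: (process path, file opened, code signature valid).
SAMPLE_EVENTS = [
    (CHROME, "/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data", True),
    ("/usr/sbin/securityd", "/Users/alice/Library/Keychains/login.keychain-db", True),
    (STEALER, "/Users/alice/Library/Keychains/login.keychain-db", True),
    (STEALER, "/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data", True),
    (STEALER, "/Users/alice/Library/Containers/com.apple.Safari/Data/Library/Cookies/Cookies.binarycookies", True),
    ("/usr/bin/sqlite3", "/Users/alice/Library/Application Support/Google/Chrome/Profile 1/Cookies", True),
    (CHROME, "/Users/alice/Downloads/report.pdf", True),
]

def classify(path):
    """Return the credential store a path belongs to, or None."""
    for store, pattern in CREDENTIAL_STORES.items():
        if fnmatch.fnmatchcase(path, pattern):
            return store
    return None

def detect(events):
    """Map each unexpected process to the sorted list of stores it opened."""
    hits = defaultdict(set)
    for proc, path, _signed in events:
        store = classify(path)
        # A valid signature is not an exemption: the stealers are code-signed.
        if store and proc not in ALLOWED[store]:
            hits[proc].add(store)
    return {proc: sorted(stores) for proc, stores in hits.items()}

def severity(stores):
    """One process reaching several stores is the stronger stealer signal."""
    return "high" if len(stores) >= 2 else "review"
```
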

The common thread across these incidents is not sophistication. It is neglect. Legacy systems running in production. Abandoned packages trusted without validation. Default settings left untouched. Attackers exploit organizational debt, not zero-day complexity.