#AxisOfEasy 214: Two Chrome 0-Days Being Exploited In The Wild



Weekly Axis Of Easy #214

Last Week’s Quote was: “The state calls its own violence law, but that of the individual, crime.” Was Max Stirner, winner was Carsten Lyck.

This Week’s Quote:  “What this country needs is more unemployed politicians.” …by???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal is on us.

In this issue:

  • Two Chrome 0-days being exploited in the wild – update now
  • Facebook experiences global outage as whistleblower revealed
  • Former Canadian PM to advise surveillance tech company
  • Ethereum Foundation’s Virgil Griffith pleads guilty on North Korea charges
  • WeChat blocking Evergrande discussion groups
  • Another Epik leak released with even more data
  • Tired: Ivermectin. Wired: Pfizermectin.
  • How we know Bitcoin is a force for good


Credit where credit is due: In last week’s piece about the Internet Society response to the Federal Government’s public consultation on online harms, I mistakenly identified the primary author of the ISCC response as former CRTC vice-chair Peter Menzies. It was actually telecom and policy law expert Phillip Palmer who authored the report. I got their names crossed in my mind.

Two Chrome 0-days being exploited in the wild – update now

If you’re using Chrome then make sure you are at version 94.0.4606.71 after Google used an emergency update to push a fix for four bugs last week, two of them zero-days (a zero-day, 0-day, bug is a security flaw that has been discovered in already deployed software).

The details of the two critical 0-days have not been disclosed, all we know is that CVE-2021-37976 is described as “information leak in core” and the other,
CVE-2021-37975 is a high severity “user after free” bug, which apparently has something to do with remote command execution in the JavaScript engine.

Check your browser via the Help -> About menu option.

By Bleeping Computer’s count, this is the thirteenth Chrome 0-day of the year.

Read: https://www.bleepingcomputer.com/news/security/google-pushes-emergency-chrome-update-to-fix-two-zero-days/

Personally I swore never to vote Conservative again after Harper’s Bill C-30 (the so-called “Protection of Children from Internet Predators Act,” which had nothing to do with children or internet predators. It didn’t go through, but he did put C-51 through which is an internet surveillance bill. No surprise to see him as a surveillance capitalist in his post-politics career.

Facebook experiences global outage as whistleblower revealed

On Sunday night 60 Minutes revealed to the world a whistleblower who has been the source of a series of stories that appeared in the Wall Street Journal (including the story from AofE two week’s ago “Instagram is Toxic for Teenage Girls and Facebook Knew it.”) It turns out to be Frances Haugen, a veteran of Facebook, Google and Yelp.

According to Haugen, Facebook choose profits over problems at every turn, whether it was the knowledge that their algos were compounding psychological and mental health issues with teenagers, or hate speech circulating on the platform.

She will also be testifying before Congress starting today (Tuesday).

As if Facebook’s week wasn’t off to a bad enough start, on Monday, as I type this, they also reportedly hosed their own BGP routing announcements, which wiped out their own nameservers, which took Facebook, Instagram and WhatsApp off the air completely for an extended outage. It’s been a couple hours and still gone. As I type this people are messaging me along the lines of “BGP Hijack” and other conspiratorial themes (infowar from China?) but until I hear differently, sometimes network ops teams simply manage to blow themselves up. It happens.

Read: https://www.protocol.com/bulletins/frances-haugen-facebook-instagram

Read: https://arstechnica.com/information-technology/2021/10/facebook-instagram-whatsapp-and-oculus-are-down-heres-what-we-know/

Former Canadian PM advising surveillance tech company

Stephen Harper, the former Prime Minister of Canada and the last Conservative to hold the office (perhaps to be the last one who will ever hold it), was discovered to play a key in a Toronto company looking to sell high end surveillance technology to the United Arab Emirates, despite that country’s questionable human rights record.

“AWZ Ventures finances Israeli surveillance technology systems, including facial recognition and crowd detection systems and services that deliver comprehensive information on individuals in real time.”

Harper is a partner in the firm and sits on its advisory board, which also contains “former members of the Mossad and other Israeli and American intelligence agencies, among others.”

Read: https://www.cbc.ca/news/politics/harper-united-arab-emirates-surveillance-technology-1.6192281

Ethereum Foundation’s Virgil Griffith pleads guilty on North Korea charges

Back in AoE 124, we reported on how Ethereum Foundation’s former head of Special Projects Dr. Virgil Griffith was arrested in the US after he delivered a talk about crypto-currencies in North Korea. He was charged with assisting NK in evading sanctions.

I first met Dr. Griffith at the Ethereum Name Service (ENS) Working Group meeting in London, UK in 2017 and we kept in touch since. After his arrest we exchanged a couple emails (via his lawyers, as a condition of his bail) and I was under the impression he expected to go to trial and to be exonerated.

So it was surprising when I saw the news that Griffith has now pleaded guilty as part of a plea bargain arrangement and will be sentenced in January 2022. He faces up to six-and-a-half years in federal prison.

Most experts agree that the substance of Griffith’s talk in North Korea contained no information that couldn’t be gleaned opening on the internet with a few searches.

Read: https://www.coindesk.com/business/2021/09/29/why-did-virgil-griffith-plead-guilty/

WeChat blocking Evergrande discussion groups

The collapse of China’s real estate empire Evergrande is being called that country’s “Lehman Moment” as the largest property developer with an estimated 200B to 300B debt (against a 100B asset base) can no longer roll-over its debt or make interest payments.

Those most affected are the countless Chinese working and middle class savers who paid up front deposits to the company for future houses which will now, in all likelihood, never be built.

For many of these families, it was their life savings, even Evergrande employees were pressured by their managers to put their own money back into various company development and “wealth management” programs under threat of losing promotions or being otherwise marginalized if they didn’t.

So it’s no surprise that those affected would begin congregating in online venues to compare notes and organize protests. One of the largest conduits for that being WeChat.

As of last Tuesday morning, at least eight chat groups organized on the platform were no longer accessible. Some members reported to Reuters news that they had also been visited “by Chinese law enforcement asking them to sign papers agreeing not to join any gatherings or do anything illegal.”
Read: https://apple.news/AEcfR2Gf5TPizz1_oi2S6zg

Another Epik leak released with even more data

A couple of weeks ago we covered how domain registrar Epik was hacked and a large trove of their data leaked all over the web. Epik came under the crosshairs of the hacker collective “Anonymous” as they have a long history of platforming controversial sites like 8Chan and Gab.

Now another trove of data has been leaked, which contains entire disk images of Epik servers, so it looks like this is a substantial system compromise and intrusion that had been in the works for months.

Also – multiple users here and elsewhere people who do not have accounts with Epik nor had any dealings with them reported being notified by various services that their emails had come up in the Epik data leak.

We looked into that, and the word is that Epik had been scraping third-party whois records for years and storing them (this is not what we do at places like our own easyWhois and DomainHelp web lookup gateways. We don’t store info. It looks like Epik was scraping other system info, which is why your email may show up in this leak).

Read: https://www.dailydot.com/debug/anonymous-new-epik-leak/

Tired: Ivermectin. Wired: Pfizermectin.

A good chunk of the hostility I’ve received over writing AxisOfEasy (so much that I’ve decided to hand it off to somebody less polarizing) is driven by the coverage of Ivermectin.

It was curious how a few weeks ago the “horse drug” narrative around Ivermectin was suddenly being amplified by the mainstream outlets, despite the fact that it’s an FDA approved drug that’s been used as an anti-parasitic for decades, and the fact that it was being used in India to combat an explosion of Delta Variant.

Now we learn that Pfizer is in clinical trials with PF-07321332, a developmental drug that acts as a “protease inhibitor” against C*V1D-19 for anybody already infected.

Oddly enough that’s exactly the claim made about Ivermectin, that it is a protease inhibitor. People tracking this are euphemistically calling Pfizer’s crack at this, “Pfizermectin.”

Read: https://www.zerohedge.com/covid-19/pfizer-launches-final-study-covid-drug-thats-suspiciously-similar-ivermectin

One wonders if the MSM and Big Tech will conduct a wide-ranging, coordinated campaign of marginalization against Pfizer should Pfizermectin be approved and be deployed.

How we know Bitcoin is a force for good

I was going to run an item on how multiple governors of the Federal Reserve profited handsomely from information asymmetry by front-running monetary policy which they were involved in forming and making personal trades in the public markets that earned them millions, and have now resigned in disgrace. But I decided that isn’t really technology centric enough, it’s just flat out corruption in high places. What else is new?

Instead I leave you with this piece I wrote over on Bombthrower that outlines the key differences I foresee between legitimate cryptocurrencies like Bitcoin or Ethereum and faux-digital currencies like Central Bank Digital Currencies (CBDCs) or “FedCoin.”

“If you thought the Federal Reserve was suffering from mission creep now that they’ve decided to tackle climate change and social justice, just wait until they get the ability to program the money that’s already in your wallet.”

Read: https://bombthrower.com/articles/how-we-know-bitcoin-is-a-force-for-good/

One thought on “#AxisOfEasy 214: Two Chrome 0-Days Being Exploited In The Wild

  1. Re: This Week’s Quote: “What this country needs is more unemployed politicians.” …by???

    Will Rogers

Leave a Reply

Your email address will not be published. Required fields are marked *