Following the news of the Google Chrome hack that prompts users to download “missing font” malware, Tod Beardsley, Research Director at Rapid7 commented below.
Tod Beardsley, Research Director at Rapid7:
So far, the attacks appear to be limited to compromised WordPress sites — a field that is, unfortunately, rich with targets. While most WordPress vulnerabilities are actually found in non-standard WordPress plugins, a rather serious vulnerability was patched in the 4.7.2 release of the WordPress core engine in late January.
Operators of WordPress sites are urged to patch up to at least version 4.7.2 as soon as possible, since the vulnerability discovered by Sucuri can be exploited by attackers to arbitrarily rewrite any post hosted on a WordPress site, including the ability to inject malware lures such as the missing HoeflerText font attack.
Chrome users should be aware that legitimate warnings from the Chrome browser will never appear as overlays to a web page. Specifically, Chrome does not offer any functionality for prompting for a missing font download, and all such prompts are sourced from malware or malvertising campaigns. In the rare cases the browser needs to communicate a security or misconfiguration warning to the user, these warnings will appear as a full, replacement page, such as the familiar “Your connection is not private” warning for misconfigured SSL certificates.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.