1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Chrome vulnerability

Discussion in 'General Security' started by lunarlander, May 16, 2019.

Advertisement
  1. lunarlander

    lunarlander Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    10,137
    Hi,

    I believe that the latest version of Chrome browser has a security hole. It enables attacker to push an exe and run it. I updated Chrome today. The exe pushed thru has a former Windows Defender file name mpsigstub, and was caught by my anti-executable. No other program was running other than Chrome.
     
  2. lunarlander

    lunarlander Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    10,137
    Nah, I was here at this forum. The attack was using a spoofed origin.
     
  3. AmyToo

    AmyToo

    Joined:
    Sep 22, 2017
    Messages:
    175
    First Name:
    Amy
    @lunarlander You have a Security+ certification.

    Should we all stop using Chrome?

    Info from my computer:
    Chrome 74.0.3729.157 (Official Build) (64-bit)

    I didn't get an update today.
     
  4. lunarlander

    lunarlander Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    10,137
    I would add an anti-executable to your list of security defenses. Examples are : VoodooShield Free, NoVirusThanks EXE Radar Pro, Anti-Executable by Faronics .

    Chrome developers move fast, releasing new versions almost every month. As such, updating your Chrome MIGHT work, because as they recompile the code, the security hole moves. Or the developers MIGHT fix the hole, if somebody told them exactly what to fix.
     
    Last edited: May 17, 2019
  5. AmyToo

    AmyToo

    Joined:
    Sep 22, 2017
    Messages:
    175
    First Name:
    Amy
    What's an anti-executable?
     
  6. lunarlander

    lunarlander Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    10,137
    I amended my post as you typed . Please re-read.
     
  7. AmyToo

    AmyToo

    Joined:
    Sep 22, 2017
    Messages:
    175
    First Name:
    Amy
    Is this a zero-day vulnerability? I'm not finding any info on security blogs.

    The programs listed are Windows apps. They protect against this new Chrome vulnerability?

    Did you report it to Google?
     
  8. lunarlander

    lunarlander Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    10,137
    I wouldn't bet on security blogs having much info. Hackers have their own wares which they keep to themselves.

    Anti-executables stop any unknown program that tries to run. Most exploits run a payload program.

    I don't have specifics on the security hole. Nothing to report.
     
  9. AmyToo

    AmyToo

    Joined:
    Sep 22, 2017
    Messages:
    175
    First Name:
    Amy
    mpsigstub.exe is Windows executable.

    This new Chrome vulnerability exploits this Windows EXE?
     
  10. lunarlander

    lunarlander Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    10,137
    No, here's the log entry of the anti-exe: c:\windows\servic~1\networ~1\appdata\local\temp\ibd9d45f-d1fd-4182-860c-edeef1336838\mpsigstub.exe

    MpSigStub.exe used to be part of Windows Defender I think. But I can find no trace of it in the current C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0 nor anywhere on my C drive.
     
  11. AmyToo

    AmyToo

    Joined:
    Sep 22, 2017
    Messages:
    175
    First Name:
    Amy
    MpSigStub.exe is a Windows system file. It's on Windows 7 and Windows 10. I checked my computers and VM images.

    C:\Windows\System32\MpSigStub.exe
     
  12. lunarlander

    lunarlander Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    10,137
    Not on my Win 10 v1809

    Windows Defender version is: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0
     
  13. AmyToo

    AmyToo

    Joined:
    Sep 22, 2017
    Messages:
    175
    First Name:
    Amy
    I have the same Windows 10 and Windows Defender versions, and I have the file C:\Windows\System32\MPSigStub.exe.

    Maybe it was flagged as a false positive on your computer?
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,322
    And Windows 8.1 as well.

    I think it's just a case of Windows Defender was updating at the same time and your anti-executable prevented it (or it didn't get deleted after the update as it should have). That file location is a temporary one for WD updates and both the file and the location are whitelisted in the FRST malware tool (at least they were in 2015 which is the last instance I could find).

    I think if there were such a vulnerability we would have heard something about it by now.
     
  15. lunarlander

    lunarlander Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    10,137
    I just checked with my fresh install of v1809 Nov 2018, and I can't see MPSigStub in \windows\system32 !! Mind you, it was updated with Offline WSUS to April 2019 updates.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...

Short URL to this thread: https://techguy.org/1227251

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice