A dark web hacker that goes by the name “Tombstone” has claimed and advertised multiple vulnerabilities affecting a subdomain affiliated with Google LLC. The hacker claimed these flaws on the Russian-language cybercrime forum Exploit and stressed the susceptibility of the domain to XSS-DOM and prototype pollution vulnerabilities. Screenshots shared by threat actor Tombstone showcased 'edu.google.com' as one of the allegedly impacted domains, raising concerns about potential exploits. Tombstone's post on Exploit lacked a specified price for the vulnerabilities, urging interested parties to initiate private communications for further details. The disclosed vulnerabilities pose significant risks to Google and its associated services, warranting immediate attention to mitigate potential cyber threats. "These vulnerabilities are in the software, not the source code Note that I only sell bugs with POC and full proof not exploits With a great price for long-term cooperation in other projects Exchange of Apple, FB, Meta, Microsoft banks", reads the threat actor post.

Dark Web Hacker Claims Prototype Pollution and XSS-DOM Vulnerability

[caption id="attachment_76830" align="alignnone" width="1108"] Source: Dark Web[/caption] The vulnerabilities advertised by Tombstone have direct implications for Google LLC, a prominent entity within the IT & ITES industry. Notably, domains such as google.com and edu.google.com have been identified as being at risk, primarily affecting users currently using the Google services.  The vulnerabilities disclosed by Tombstone encompass XSS-DOM and prototype pollution, both of which can serve as entry points for malicious cyber activities. XSS-DOM vulnerabilities, in particular, enable threat actors to inject client-side scripts into web pages viewed by other users, potentially leading to session hijacking, phishing attacks, malware distribution, and data theft. Prototype pollution vulnerabilities, however, involve manipulating a JavaScript object's prototype to achieve unintended behavior, often resulting in unauthorized data manipulation or code execution. The combination of these vulnerabilities within Google's subdomain highlights the critical need for robust cybersecurity measures to safeguard against potential cyberattacks.

Previous Incidents and Security Research

Prior to Tombstone's disclosure, security researcher Henry N. Caga had identified the XSS vulnerability within a Google subdomain, further emphasizing the susceptibility of Google's infrastructure to such exploits. Caga's research revealed the presence of a vulnerability within the URL associated with 'https://aihub.cloud.google.com,' prompting an in-depth investigation. Despite initial challenges in replicating the XSS pop-up, Caga's persistence ultimately led to the discovery of a double-encoded payload that triggered the vulnerability. Subsequent testing unveiled the widespread nature of the vulnerability across all URLs within the aihub.cloud.google.com domain, accentuating the severity of the issue. Following responsible disclosure protocols, Caga promptly reported the findings to Google's security team, accompanied by comprehensive documentation and proof of concept scripts. Google's swift response included an upgrade in the issue's priority and severity levels, acknowledging Caga's contributions with a reward of $4,133.70, along with a $1,000 bonus for the thoroughness of the report and proof of concept scripts. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.