On Halloween, Google fixed a terrible 0-day vulnerability in Chrome

On the evening of October 31, Google engineers unexpectedly released Chrome 78.0.3904.87 for Windows, Mac, and Linux. Analysts believe that with this release the company fixed a dangerous 0-day vulnerability in Chrome.

Currently, it is proving hard to find out much specific detail about either of the vulnerabilities concerned, other than the fact that one of the two vulnerabilities fixed by the update has already been exploited in the wild.

“It takes a lot to scare anyone on Halloween night, but Google Chrome engineers were spooked enough to issue an urgent update announcement for the browser across all platforms. So, what gave Google the heebie-jeebies? The answer is not one but two security vulnerabilities, one of which has a zero-day exploit out in the wild already”, writes Forbes observer Davey Winder.

The zero-day vulnerability under attack received the identifier CVE-2019-13720. It is a use-after-free bug in the audio component of the browser.

According to a U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) statement, the Google update “addresses vulnerabilities that an attacker could exploit to take control of an affected system”, but that’s as far as the detail goes.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed”, reported a Google specialist.

However, there is evidence that Kaspersky Lab experts have already discovered a vulnerability and published a detailed analysis of the problem. The experts write that the bug is used to install malware on victims’ computers.

“We are calling these attacks Operation WizardOpium. So far, we have been unable to establish a definitive link with any known threat actors. There are certain very weak code similarities with Lazarus attacks, although these could very well be a false flag”, write Kaspersky Lab researchers.

It is noted that exploitation of the vulnerability was associated with a “watering hole” attack on a Korean-language news portal, whose main page had malicious JavaScript injected into it. Such attacks are named by analogy with the tactics of predators that hunt at a watering hole, waiting for prey animals that come to drink. This behavior is more similar to the past operations of DarkHotel.

All Chrome users are advised to update their browser to version 78.0.3904.87 as soon as possible.

About the author

Valdis Koks

Security engineer, reverse engineering and memory forensics