On Halloween, Google fixed a dangerous 0-day vulnerability in Chrome

Google fixed 0-day in Chrome
Written by Valdis Koks

On the evening of October 31, Google engineers unexpectedly released Chrome 78.0.3904.87 for Windows, Mac, and Linux. The release fixes two security vulnerabilities, one of which is a 0-day that was already being exploited in the wild.

At the moment it is hard to find much specific detail about either of the vulnerabilities concerned, other than the fact that one of the two bugs fixed by the update has already been exploited in the wild.

“It takes a lot to scare anyone on Halloween night, but Google Chrome engineers were spooked enough to issue an urgent update announcement for the browser across all platforms. So, what gave Google the heebie-jeebies? The answer is not one but two security vulnerabilities, one of which has a zero-day exploit out in the wild already”, writes Forbes observer Davey Winder.

The zero-day vulnerability under attack received the identifier CVE-2019-13720. It is a use-after-free bug in the browser's audio component.


According to a U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) statement, the Google update “addresses vulnerabilities that an attacker could exploit to take control of an affected system”, but that’s as far as the detail goes.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed”, Google notes in the release announcement.

However, Kaspersky Lab experts, who discovered the vulnerability, have already published a detailed analysis of the problem. They write that the bug was used to install malware on victims’ computers.

“We are calling these attacks Operation WizardOpium. So far, we have been unable to establish a definitive link with any known threat actors. There are certain very weak code similarities with Lazarus attacks, although these could very well be a false flag”, write Kaspersky Lab researchers.

The vulnerability was exploited in a watering hole attack on a Korean-language news portal: malicious JavaScript was injected into the site's main page, so that every visitor's browser ran the exploit. Such attacks are named by analogy with predators that hunt at a watering hole, waiting for the animals that come there to drink. According to the researchers, this behavior more closely resembles past DarkHotel operations.

All Chrome users are advised to update their browser to version 78.0.3904.87 or later as soon as possible. The installed version can be checked at chrome://settings/help (Help → About Google Chrome), which also triggers the update and prompts for the restart needed to apply it.

About the author

Valdis Koks

Security engineer, reverse engineering and memory forensics
