Technology
Zero-day vulnerability found in Google Chrome web browser
New Delhi, Nov 4
A new exploited vulnerability in Google Chrome web browser called "CVE-2019-13720", which is a zero-day vulnerability, has been spotted by Russian cyber security firm Kaspersky. The firm has reported it Google and a patch has been released.
Zero-day vulnerabilities are essentially previously unknown software bugs that can be exploited by attackers to inflict serious and unexpected damage.
The detected exploit was used in what the cyber security firm calls 'Operation WizardOpium'.
Certain similarities in the code point to a possible link between this campaign and Lazarus attacks.
"The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors," Anton Ivanov, Security Expert at Kaspersky, said in a statement.
The new exploit is used in attacks that leverage a waterhole-style injection in a Korean-language news portal.
A malicious JavaScript code is inserted in the main page, which in turn, loads a profiling script from a remote site to further check if the victim's system could be infected by examining versions of the browser's user credentials.
The vulnerability tries to exploit the bug through the Google Chrome browser and the script checks if version 65 or later is being used.
The exploit gives an attacker a Use-After-Free (UaF) condition, which is very dangerous because it can lead to code execution scenarios.
Zero-day vulnerabilities are essentially previously unknown software bugs that can be exploited by attackers to inflict serious and unexpected damage.
The detected exploit was used in what the cyber security firm calls 'Operation WizardOpium'.
Certain similarities in the code point to a possible link between this campaign and Lazarus attacks.
"The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors," Anton Ivanov, Security Expert at Kaspersky, said in a statement.
The new exploit is used in attacks that leverage a waterhole-style injection in a Korean-language news portal.
A malicious JavaScript code is inserted in the main page, which in turn, loads a profiling script from a remote site to further check if the victim's system could be infected by examining versions of the browser's user credentials.
The vulnerability tries to exploit the bug through the Google Chrome browser and the script checks if version 65 or later is being used.
The exploit gives an attacker a Use-After-Free (UaF) condition, which is very dangerous because it can lead to code execution scenarios.
28 minutes ago
FIFA WC: 'Haaland is unstoppable in the box,' says Vieri ahead of Norway vs England quarterfinal
30 minutes ago
FIFA WC: When and where to watch Argentina vs Switzerland, know all details
3 hours ago
Boat carrying Indian tourists capsizes in Vietnam, several killed
5 hours ago
Courtroom drama was on Kajal Aggarwal’s radar for a long time
5 hours ago
Television actor Rohit Chandel arrested for allegedly stalking, harassing a minor
5 hours ago
Matt Damon wants to collaborate with Shekhar Kapur
5 hours ago
India ranks 1st in milk production, 2nd in mobile, 3rd in auto globally: PM Modi in New Zealand
5 hours ago
Onion prices jump in Chennai as Maharashtra supply drops, traders warn of further rise
5 hours ago
FSSAI slaps Swiggy Instamart with 9 notices following consumer complaints
5 hours ago
Sabarimala Tantri designate opts out, cites ill health
5 hours ago
Correct script, pronunciation: Centre issues fresh guidelines for National Song, National Anthem
5 hours ago
Six women die after C-sections in Bhilwara, two in Banswara; Gehlot seeks central probe
5 hours ago
Bengaluru man murders mother, grandmother, brother-in-law; dies by suicide
