Published 18:47 IST, November 4th 2019
Security loophole was discovered in Google Chrome browser, now fixed
Kaspersky researchers recently discovered a zero-day vulnerability CVE-2019-13720 in Google Chrome. It would insert a malicious JavaScript code on the main page
Advertisement
Kaspersky researchers recently discovered a zero-day vulnerability CVE-2019-13720 in Google Chrome. vulnerability would insert a malicious JavaScript code on main p, furr checking if victim's system could be infected. Upon matching criteria, attacker could exploit loophole through Google Chrome browser. attack would n check if Google Chrome version 65 or later is in use.
Once exploited, it could provide an attacker with a Use-After-Free (UaF) condition. This particular condition is dangerous for fact that it can furr le to code execution scenarios. Researchers call exploit 'Operation WizardOpium.' According to m, similarities in code point to a potential connection between campaign and Lazarus attacks. targeted website has a profile, which is similar to one that was previously discovered in DarkHotel attacks.
Advertisement
“ finding of a new Google Chrome zero-day in wild once again demonstrates that it is only collaboration between security community and software developers, as well as constant investment in exploit prevention techlogies, that can keep us safe from sudden and hidden strikes by threat actors,” said Anton Ivav, a security expert at Kaspersky.
Meanwhile, Google has released Chrome version 78.0.3904.87 for Windows, Mac and Linux.
Advertisement
"We would also like to thank all security researchers that worked with us during development cycle to prevent security bugs from ever reaching stable channel," Google Chrome's Srinivas Sista said in his blog post.
Google Chrome security tips
-- Make sure your Google Chrome browser is up-to-date. Ensure to install Google patch for new vulnerability as soon as it is available to downlo and install.
Advertisement
-- Update all software or software installed on your system. This way, attack won't spre across or areas on your computer system.
-- Researchers recommend users to have Vulnerability Assessment and Patch Manment tools installed on ir system to automate se processes.
Advertisement
-- Researchers recommend your security team to have access to most-recent cyber threat intelligence.
-- Understanding and implementation kwledge of basics in cybersecurity hygiene is recommended.
Advertisement
18:26 IST, November 4th 2019