Google Discloses Zero-Day Vulnerability In Chrome Browser Under Active Exploitation



This week, Google disclosed a zero-day vulnerability in the Google Chrome browser that is under active exploitation. It is the second Chrome zero-day found under active exploitation this year.

Chrome Browser Zero-Day


Reportedly, Kaspersky researchers Anton Ivanov and Alexey Kulaev caught a zero-day vulnerability in the Chrome browser. What makes their findings significant is that hackers are actively exploiting the bug.

Specifically, the researchers caught a use-after-free vulnerability (CVE-2019-13720) in the Chrome browser. They further found the bug being exploited by as yet undetermined attackers.

The researchers call these attacks ‘Operation WizardOpium’. The attacks seem specifically aimed at newer Chrome browser versions. The researchers found some of the attacks checking whether the browser version was Chrome 65 or newer; however, further review of the code revealed another check for Chrome version 76 or 77.

The technical details of the analysis are available in Kaspersky’s blog post.

Patch Rolling Out Soon


Upon discovering the flaw, the researchers reported the matter to Google, who acknowledged the zero-day. In a recent post, Google confirmed the bug alongside another use-after-free vulnerability (CVE-2019-13721).

The tech giant has labeled both vulnerabilities as high-severity bugs. They have also confirmed the active exploitation of CVE-2019-13720.

They have assured users that patches for the bugs will arrive soon with the release of the Chrome 78.0.3904.87 stable channel for Linux, Mac, and Windows.

For now, Google has not revealed many details about the flaws or the exploit, in an attempt to protect users.

Google Chrome users must make sure to update their devices as soon as the patched version rolls out. They can also trigger a manual update by clicking on the ‘About Google Chrome’ option under the ‘Help’ menu.
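For anyone tracking more than one machine, the update advice above can be turned into a quick inventory check. The following is an added example, not code from Google or Kaspersky: it compares reported Chrome versions against the fixed build 78.0.3904.87 named in this article and flags the 76 and 77 releases the exploit code was seen checking for. The `hostname,version` input format, the status labels, and the sample hosts are assumptions made for illustration.

```python
import re

PATCHED = (78, 0, 3904, 87)   # fixed stable build named in the article
CHECKED_MAJORS = {76, 77}     # majors the exploit code checked for, per the article

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-tuple of ints for a Chrome version string, or None if malformed."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None

def classify(version_text):
    """Label one version string (labels are this example's own, not a standard)."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"             # cannot be verified, needs a manual look
    if version >= PATCHED:           # numeric tuple comparison, not string comparison
        return "patched"
    if version[0] in CHECKED_MAJORS:
        return "unpatched-priority"  # below the fix and a version the exploit looked for
    return "unpatched"

def triage(inventory_lines):
    """Map hostname -> status from 'hostname,version' lines (assumed format)."""
    statuses = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        statuses[host.strip()] = classify(version)
    return statuses

# Constructed sample inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    "ws-01,78.0.3904.87",
    "ws-02,78.0.3904.70",
    "ws-03,77.0.3865.120",
    "ws-04,78.0.3904.9",    # a string comparison would wrongly rank this above .87
    "ws-05,79.0.3945.16",
    "ws-06,not-installed",
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The `ws-04` row is the case to watch: comparing version strings as text would treat `78.0.3904.9` as newer than `78.0.3904.87`, so the check compares the numeric fields instead.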

Earlier this year, Google revealed another use-after-free vulnerability in the Chrome browser (CVE-2019-5786) that was actively exploited to target Windows 7. Microsoft later released a fix for the flaw, following Google’s patch with Chrome 72.0.3626.121.

Let us know your thoughts in the comments.


Posted from my blog with SteemPress : https://latesthackingnews.com/2019/11/05/google-discloses-zero-day-vulnerability-in-chrome-browser-under-active-exploitation/
