Technology
Zero-day vulnerability found in Google Chrome web browser
New Delhi, Nov 4
A new exploited vulnerability in Google Chrome web browser called "CVE-2019-13720", which is a zero-day vulnerability, has been spotted by Russian cyber security firm Kaspersky. The firm has reported it Google and a patch has been released.
Zero-day vulnerabilities are essentially previously unknown software bugs that can be exploited by attackers to inflict serious and unexpected damage.
The detected exploit was used in what the cyber security firm calls 'Operation WizardOpium'.
Certain similarities in the code point to a possible link between this campaign and Lazarus attacks.
"The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors," Anton Ivanov, Security Expert at Kaspersky, said in a statement.
The new exploit is used in attacks that leverage a waterhole-style injection in a Korean-language news portal.
A malicious JavaScript code is inserted in the main page, which in turn, loads a profiling script from a remote site to further check if the victim's system could be infected by examining versions of the browser's user credentials.
The vulnerability tries to exploit the bug through the Google Chrome browser and the script checks if version 65 or later is being used.
The exploit gives an attacker a Use-After-Free (UaF) condition, which is very dangerous because it can lead to code execution scenarios.
Zero-day vulnerabilities are essentially previously unknown software bugs that can be exploited by attackers to inflict serious and unexpected damage.
The detected exploit was used in what the cyber security firm calls 'Operation WizardOpium'.
Certain similarities in the code point to a possible link between this campaign and Lazarus attacks.
"The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors," Anton Ivanov, Security Expert at Kaspersky, said in a statement.
The new exploit is used in attacks that leverage a waterhole-style injection in a Korean-language news portal.
A malicious JavaScript code is inserted in the main page, which in turn, loads a profiling script from a remote site to further check if the victim's system could be infected by examining versions of the browser's user credentials.
The vulnerability tries to exploit the bug through the Google Chrome browser and the script checks if version 65 or later is being used.
The exploit gives an attacker a Use-After-Free (UaF) condition, which is very dangerous because it can lead to code execution scenarios.
3 hours ago
IPC Houston Fellowship Announces Annual Convention.
5 hours ago
24 News Channel in the forefront to help the revival of Wayanad after landslide tragedy
7 hours ago
Indian Diaspora Excited to Welcome Prime Minister Modi Ahead of U.S. Visit
7 hours ago
Biden Administration Rapidly Allocating Climate Funds as Trump Vows to Cut Them
8 hours ago
Tesla, SpaceX, and X Employees Donate to Harris While Musk Supports Trump
8 hours ago
Biden to Meet Zelenskyy Next Week to Discuss Ukraine War, Says White House
8 hours ago
Woman sentenced to death for blasphemy in Pakistan amid ongoing human rights concerns
8 hours ago
Congress insults India on foreign land, is run by Tukde-Tukde gang, urban naxals": PM Modi
8 hours ago
Hollywood A-listers back Kamala Harris during Oprah show ahead of US polls
8 hours ago
Trump and Republicans Claim Non-Citizen Voting in U.S. Election, Raising Concerns
9 hours ago
Himachal govt to hand over Jangi Thopan Powari hydro project to state power corporation
10 hours ago
Rajasthan govt's amnesty scheme for miners
10 hours ago
India to see 35 lakh weddings from November-mid December, gold demand to surge