Advertisement

Updated November 4th, 2019 at 18:47 IST

Security loophole was discovered in Google Chrome browser, now fixed

Kaspersky researchers recently discovered a zero-day vulnerability CVE-2019-13720 in Google Chrome. It would insert a malicious JavaScript code on the main page

Reported by: Tech Desk
Cybersecurity
| Image:self
Advertisement

Kaspersky researchers recently discovered a zero-day vulnerability CVE-2019-13720 in Google Chrome. The vulnerability would insert a malicious JavaScript code on the main page, further checking if the victim's system could be infected. Upon matching the criteria, the attacker could exploit the loophole through the Google Chrome browser. The attack would then check if the Google Chrome version 65 or later is in use.

Once exploited, it could provide an attacker with a Use-After-Free (UaF) condition. This particular condition is dangerous for the fact that it can further lead to code execution scenarios. Researchers call the exploit 'Operation WizardOpium.' According to them, similarities in the code point to a potential connection between the campaign and Lazarus attacks. The targeted website has a profile, which is similar to the one that was previously discovered in DarkHotel attacks.

“The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors,” said Anton Ivanov, a security expert at Kaspersky.

Meanwhile, Google has released Chrome version 78.0.3904.87 for Windows, Mac and Linux.

"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," Google Chrome's Srinivas Sista said in his blog post.

Google Chrome security tips

-- Make sure your Google Chrome browser is up-to-date. Ensure to install the Google patch for the new vulnerability as soon as it is available to download and install.

-- Update all software other software installed on your system. This way, the attack won't spread across other areas on your computer system.

-- Researchers recommend users to have Vulnerability Assessment and Patch Management tools installed on their system to automate these processes.

-- Researchers recommend your security team to have access to the most-recent cyber threat intelligence.

-- Understanding and implementation knowledge of the basics in cybersecurity hygiene is recommended.

READ | 67% of companies stay quiet on cyber-security incidents, here's why

READ | Xhelper malware infects 45,000 devices over the past 6 months

Advertisement

Published November 4th, 2019 at 18:26 IST

Your Voice. Now Direct.

Send us your views, we’ll publish them. This section is moderated.

Advertisement
Advertisement

Trending Quicks

Lok Sabha Elections 2024 LIVE
a few seconds ago
Kerala Nirmal Lottery Sambad Friday Result
a few seconds ago
Xiaomi 14 Ultra
a minute ago
Allu Arjun Unveils His Wax Statue At Madame Tussauds In Dubai
4 minutes ago
How to Keep Yourself Safe from Unhealthy Air?
11 minutes ago
TMC Delgation at ECI Office
23 minutes ago
Congress Press Conference
29 minutes ago
Raw Mango
30 minutes ago
Gen Z worker goes to the salon while “working from home”
32 minutes ago
Lionel Messi
33 minutes ago
Jailed Gangster Mukhtar Ansari Passes Away
35 minutes ago
Advertisement
Advertisement
Advertisement
Whatsapp logo