Google Chrome Emergency Update Issued To Counter ‘High Severity’ Zero-Day Exploit Actively Used In Operation WizardOpium

Developers of the Google Chrome web browser issued an emergency update on Halloween. The update is meant for all stable versions of the popular web browser across all platforms, which is a clear indicator of the severity of the update. Apparently, the security update is meant to counter not one but two security vulnerabilities. What’s more concerning is that one of the security flaws has a zero-day exploit out in the wild already.

Kaspersky Exploit Prevention, an active threat detection component of Kaspersky products, caught a new, unknown exploit for Google’s Chrome browser. The team reported their findings to the Google Chrome security team and included a Proof of Concept (PoC) as well. After a quick review, Google was clearly convinced that there was indeed an active 0-Day vulnerability in the Google Chrome web browser. After quickly escalating the issue to the highest priority, Google issued an emergency update to the web browser. The security vulnerability has been tagged as ‘High Severity 0-Day Exploit’ and affects all the different variants of the Chrome browser across all the different operating systems.

Kaspersky Detects ‘Exploit.Win32.Generic’ 0-Day Vulnerability Which Affects All Google Chrome Browser Versions:

Google confirmed on Halloween that the “stable channel” desktop Chrome browser is being updated to version 78.0.3904.87 across the Windows, Mac, and Linux platforms. Unlike updates that roll out gradually, the latest update should have a rather accelerated deployment. Hence it is critical that Chrome browser users install the latest update without any delay. In a rather cryptic message, Google issued an advisory that said,

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven’t yet fixed.”

While Google is sharing few details about the security vulnerabilities within Chrome, Kaspersky has unofficially named the attack ‘Operation WizardOpium’. Technically, Kaspersky products detect the exploit as Exploit.Win32.Generic. The maker of antivirus, firewall, and other network security products is still exploring the potential of the attack and the identities of the cybercriminals who may have launched it. The team claims some of the code bears some resemblance to the Lazarus attacks, but nothing has been confirmed.

According to Kaspersky, the attack appears to mine as much data as possible by loading a malicious profiling script. Apparently, the 0-Day vulnerability was used to inject the malicious JavaScript code. The attack is rather sophisticated, as it performs a number of checks to ensure the system is vulnerable and can be infected. Only after these qualification checks does the attack proceed to obtain the true payload and deploy it.

Google Acknowledges Chrome Zero-Day Exploit And Issues Emergency Update To Counter Threat:

Google has noted that the exploit currently exists in the wild. The company added that the exploit is for the CVE-2019-13720 vulnerability. Incidentally, there’s one other security vulnerability, which has been officially tagged as CVE-2019-13721. Both security flaws are “use-after-free” vulnerabilities, which exploit memory corruption to escalate privileges on the attacked system. CVE-2019-13720 is the one being exploited in the wild, and it reportedly impacts the Chrome web browser audio component.

Acknowledging both the security threats, Google issued an emergency update for the Chrome browser, but the update appears to be limited to the stable channel at present. The update reportedly contains only the patch for the bugs. Kaspersky is actively engaged in investigating the threat risk, but it is not immediately clear who may have exploited the 0-day vulnerability.
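For administrators who need to confirm that machines have reached the fixed build, the following added example (not from Google or Kaspersky) audits a list of reported Chrome version strings against 78.0.3904.87. The inventory format, host names, and sample versions are constructed for illustration; the comparison is numeric per component, because a plain string comparison would wrongly rank a later build such as 78.0.3904.108 below 78.0.3904.87.

```python
import re

# Fixed stable-channel build named in the article.
PATCHED = (78, 0, 3904, 87)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as an int tuple, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(text, patched=PATCHED):
    """True if the reported version is older than the patched build.

    Unparseable input returns True so the host is reviewed, not skipped.
    """
    version = parse_version(text)
    return version is None or version < patched


def audit(inventory_lines):
    """Return (host, reported_string) pairs for hosts below the patched build."""
    flagged = []
    for line in inventory_lines:
        host, _, reported = line.partition(",")
        if needs_update(reported):
            flagged.append((host.strip(), reported.strip()))
    return flagged


# Constructed sample inventory (assumed format): "host,<reported version string>".
SAMPLE = [
    "ws-01,Google Chrome 78.0.3904.70",
    "ws-02,Google Chrome 78.0.3904.87",
    "ws-03,Google Chrome 78.0.3904.108",
    "ws-04,Google Chrome 77.0.3865.120",
    "ws-05,unknown",
]

if __name__ == "__main__":
    target = ".".join(map(str, PATCHED))
    for host, reported in audit(SAMPLE):
        print(f"{host}: {reported!r} is below {target} or could not be parsed")
```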

Alap Naik Desai
A B.Tech Plastics (UDCT) and a Windows enthusiast. Optimizing the OS, exploring software, searching and deploying solutions to strange and weird issues is Alap's main interest.
