Kaspersky uncovers Chrome exploit
Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser.
Kaspersky has allocated the vulnerability as CVE-2019-13720 and reported it to Google. A patch has been released. Upon review of the PoC provided, Google confirmed that it is a zero-day vulnerability. Kaspersky products detect the exploit as PDM:Exploit.Win32.Generic.
The vulnerability tries to exploit the bug through the Google Chrome browser and the script checks if version 65 or later is being used. The exploit gives an attacker a Use-After-Free (UaF) condition, which is very dangerous because it can lead to code execution scenarios.
The detected exploit was used in what Kaspersky experts call “Operation WizardOpium”. Certain similarities in the code point to a possible link between this campaign and Lazarus attacks. Additionally, the profile of the targeted website is similar to what has been found in previous DarkHotel attacks, which have recently deployed comparable false flag attacks.
The exploited vulnerability was detected by Kaspersky’s Exploit Prevention technology, embedded in most of the company’s products.
“The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors,” said Anton Ivanov, a security expert at Kaspersky.
Kaspersky recommends taking the following security measures:
• Install the Google patch for the new vulnerability as soon as possible.
• Make sure you update all software used in your organization on a regular basis, and whenever a new security patch is released. Security products with Vulnerability Assessment and Patch Management capabilities may help to automate these processes.