Hi Chrome Users, weather you are a Windows user or any other operating system user, quickly update your web browsing software to the newest version of google released earlier today. A new 0-day bug found in Google Chrome which is under active attacks.
With the arrival of Chrome 78.0.3904.87, Google is cautioning billions of clients to install an urgent software update quickly to fix two high serious weaknesses, one of which aggressors are effectively abusing in the wild to capture PCs.
According to the chrome security team, these both faults are use-after-free weaknesses, one influencing Chrome’s sound part (CVE-2019-13720) and other effects the PDFium (CVE-2019-13721) library. Moreover, they do not disclose any technical detail regarding this.
The use-after-free susceptibilities is a type of memory corruption that permits debasement or adjustment of information in the memory, empowering an unprivileged client to raise benefits on an influenced framework or software.
Update Google Chrome:
You can update your Google Chrome by following these steps:
- Open Google Chrome. In the top right corner, click on Customize and Control Google Chrome button.
- Click on Help.
- Click on About Google Chrome.
Google Chrome 0-Day Under Active Attacks:
According to Kaspersky researchers, the audio issue is found misused in the rough, though hackers are not yet highlighted. Google’s security team said:
“Google is aware of `reports that an exploit for CVE-2019-13720 exits in the wild”
In March 2019, Google additionally discharged a crisis security update for Chrome after hackers were found effectively abusing a comparative use sans after Chrome zero-day weakness in the wild influencing the browser‘s File Reader segment.
Technical Details of Chrome 0-Day Exploit:
According to the researchers, hackers negotiated a Korean-language news portal. They planted the endeavor code on the site, similar to a watering-gap, to hack PCs of its guests opening the news gateway utilizing powerless forms of Google Chrome.
It installs the basic virus on the targeted system after exploiting chrome weaknesses (CVE-2019-13720), which then connects to a hard-coded remote command-and-control server to download the final payload.
For more details on the Operation Wizard Opium exploiting the recently-patched Chrome vulnerability, you can head on to the new report just published by Kaspersky.
Looking for your Comments……!!!. Comment here and share your experience with us. Don’t forget to subscribe TechCybero and share this post with your colleagues.